ManualsPro Apple About the security content of macOS Big Sur 11.5

About the security content of macOS Big Sur 11.5

June 7, 2024
Apple

About the security content of macOS Big Sur 11.5

This document describes the security content of macOS Big Sur 11.5.

About Apple security updates

For our customers’ protection, Apple doesn’t disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE- ID when possible.

For more information about security, see the Apple Product Security page.

macOS Big Sur 11.5

Released July 21, 2021

AMD Kernel

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2021-30805: ABC Research s.r.o

AppKit

Available for: macOS Big Sur

Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution

Description: An information disclosure issue was addressed by removing the vulnerable code.

CVE-2021-30790: hjy79425575 working with Trend Micro Zero Day Initiative

Audio

Available for: macOS Big Sur

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30781: tr3e

AVEVideoEncoder

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30748: George Nosenko

CoreAudio

Available for: macOS Big Sur

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab

CoreAudio

Available for: macOS Big Sur

Impact: Playing a malicious audio file may lead to an unexpected application termination

Description: A logic issue was addressed with improved validation.

CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab

CoreGraphics

Available for: macOS Big Sur

Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution

Description: A race condition was addressed with improved state handling.

CVE-2021-30786: ryuzaki

CoreServices

Available for: macOS Big Sur

Impact: A malicious application may be able to gain root privileges

Description: This issue was addressed with improved checks.

CVE-2021-30772: Zhongcheng Li (CK01)

CoreServices

Available for: macOS Big Sur

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: An access issue was addressed with improved access restrictions.

CVE-2021-30783: Ron Waisberg (@epsilan)

CoreStorage

Available for: macOS Big Sur

Impact: A malicious application may be able to gain root privileges

Description: An injection issue was addressed with improved validation.

CVE-2021-30777: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc

CoreText

Available for: macOS Big Sur

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30789: Mickey Jin (@patch1t) of Trend Micro, Sunglin of Knownsec 404 team

Crash Reporter

Available for: macOS Big Sur

Impact: A malicious application may be able to gain root privileges

Description: A logic issue was addressed with improved validation.

CVE-2021-30774:  Yizhuo Wang of Group of Software Security In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University

CVMS

Available for: macOS Big Sur

Impact: A malicious application may be able to gain root privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video Communications

dyld

Available for: macOS Big Sur

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A logic issue was addressed with improved validation.

CVE-2021-30768: Linus Henze (pinauten.de)

FontParser

Available for: macOS Big Sur

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: An integer overflow was addressed through improved input validation.

CVE-2021-30760: Sunglin of Knownsec 404 team

FontParser

Available for: macOS Big Sur

Impact: Processing a maliciously crafted tiff file may lead to a denial-of- service or potentially disclose memory contents

Description: This issue was addressed with improved checks.

CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative

FontParser

Available for: macOS Big Sur

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: A stack overflow was addressed with improved input validation.

CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day Initiative

Identity Services

Available for: macOS Big Sur

Impact: A malicious application may be able to access a user’s recent Contacts

Description: A permissions issue was addressed with improved validation.

CVE-2021-30803: Csaba Fitzl (@theevilbit) of Offensive Security

ImageIO

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30779: Jzhu, Ye Zhang(@co0py_Cat) of Baidu Security

ImageIO

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2021-30785: CFF of Topsec Alpha Team, Mickey Jin (@patch1t) of Trend Micro

Intel Graphics Driver

Available for: macOS Big Sur

Impact: An application may be able to cause unexpected system termination or write kernel memory

Description: This issue was addressed with improved checks.

CVE-2021-30787: Anonymous working with Trend Micro Zero Day Initiative

Intel Graphics Driver

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2021-30766: Liu Long of Ant Security Light-Year Lab

CVE-2021-30765: Liu Long of Ant Security Light-Year Lab

IOKit

Available for: macOS Big Sur

Impact: A local attacker may be able to execute code on the Apple T2 Security Chip

Description: Multiple issues were addressed with improved logic.

CVE-2021-30784: George Nosenko

Kernel

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A logic issue was addressed with improved state management.

CVE-2021-30793: Zuozhi Fan (@patternF) of Ant Security TianQiong Lab

Kext Management

Available for: macOS Big Sur

Impact: A malicious application may be able to bypass Privacy preferences

Description: This issue was addressed with improved entitlements.

CVE-2021-30778: Csaba Fitzl (@theevilbit) of Offensive Security

libxml2

Available for: macOS Big Sur

Impact: A remote attacker may be able to cause arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-3518

Model I/O

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may lead to a denial of service

Description: A logic issue was addressed with improved validation.

CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro

Model I/O

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2021-30792: Anonymous working with Trend Micro Zero Day Initiative

Model I/O

Available for: macOS Big Sur

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30791: Anonymous working with Trend Micro Zero Day Initiative

Sandbox

Available for: macOS Big Sur

Impact: A malicious application may be able to access restricted files

Description: This issue was addressed with improved checks.

CVE-2021-30782: Csaba Fitzl (@theevilbit) of Offensive Security

TCC

Available for: macOS Big Sur

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A logic issue was addressed with improved state management.

CVE-2021-30798: Mickey Jin (@patch1t) of Trend Micro

WebKit

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved state handling.

CVE-2021-30758: Christoph Guttandin of Media Codings

WebKit

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30795: Sergei Glazunov of Google Project Zero

WebKit

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may lead to code execution

Description: This issue was addressed with improved checks.

CVE-2021-30797:  Ivan Fratric of Google Project Zero

WebKit

Available for: macOS Big Sur

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2021-30799: Sergei Glazunov of Google Project Zero

Additional recognition

configd

We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

CoreText

We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.

crontabs

We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

Sandbox

We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

Spotlight

We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: July 21, 2021

Read User Manual Online (PDF format)

Read User Manual Online (PDF format)  >>

Download This Manual (PDF format)

Download this manual  >>

Apple User Manuals

Apple 2nd Generation Pencil User Manual
Apple
Apple AirTag Device Tracker User Guide
Apple
Apple iPhone 11 Pro Simple Mobile Limited Warranty
Apple
Apple mobilebeacon iPad Mini Owner’s Manual
Apple
Apple mobilebeacon iPad Air Instructions
Apple
Apple Tv 4th Generation User Guide
Apple
Apple Watch SE GPS 40mm User Manual
Apple
Apple Watch Series 6 GPS 40mm User Manual
Apple
Apple Pencil A14 User Manual
Apple
Apple 20W USB-C Power Adapter User Manual
Apple
Apple AirTag Ultimate Tracking Device User Manual
Apple
APPLE 10thGen_FF iPad User Guide
Apple
Apple MP5 7 Inch Smart Screen Player User Manual
Apple
Apple Carplay Screen for Car User Manual
Apple
APPLE 2BEM5SINE Find My App User Guide
Apple
Apple iOS 17 New Features Available User Manual
Apple
Apple M2 iPad Air 13 inch 128GB Cellular Instructions
Apple
Apple A1975 Smart Watch User Guide
Apple
Apple A2473 Series Watch Midnight Aluminum User Manual
Apple
Apple A2436 iPad Pro 12.9 Tab User Manual
Apple

Related Manuals

ShiMi Ya C06 Bluetooth Speaker User Guide
ShiMi Ya
KLARSTEIN 10035854 Iceberg Breeze Air Cooler Instruction Manual
Klarstein
STIEBEL ELTRON EBK 5 K, KBA 5 KA Water Boiler Installation Guide
STIEBEL ELTRON
NEEWER RC-RGB 2.4G Wireless Remote Control Instruction Manual
NEEWER
Amica OSC6212 Kitchen Hood Instruction Manual
Amica
GAME OF BRICKS 40433 Light Kit for 1989 Batmobile Instruction Manual
Game Of Bricks
NationalMi Encompass 2022 Loan Origination System User Manual
NationalMi
Link2Home Dual USB Charger with Countdown Function Instruction Manual
Link2Home
RETEKESS TD020 Caregiver Pager System Wrist Call Button User Manual
RETEKESS
Sen Long East Technology HS005 Wireless Charger User Manual
Sen Long East Technology
Vitesco TECHNOLOGIES 2A6TC-DBRFM DTS Transceiver Instructions
vitesco TECHNOLOGIES
Red100 Lighting Red100 Beacon Smart LED Bulb Installation Guide
Red100 Lighting
mestic MWC-120 Kettle Instruction Manual
mestic
Cuisinart CTG-00-PCH4 SERIES Mini Manual Food Processor Instruction Manual
Cuisinart
Vesta kitchen VRH-SURREY-30SS 30 Inch Wide Stainless Steel Under Cabinet Range Hood User Manual
Vesta kitchen
IKEA VARIERA CLEANING CADDY Instructions
Ikea
SIEMENS FS140 Whole House Surge Protection Instruction Manual
SIEMENS
VECTOR FOG BY100 Mini Fogger Instruction Manual
VECTOR FOG
LennoxPros KHC Series Heat Pump Packaged Units Installation Guide
LennoxPros
skg retrogaming T5 Shoulder Massager User Guide
skg retrogaming
Danfoss MCE102A Automotive Controller Instruction Manual
Danfoss
Clarke CEW1100 Electric Impact Wrench User Manual
Clarke
ambrane 50000mAh Power Bank with 20W Boostedspeed User Manual
AMBRANE
Wicked Audio SHRED Wired Earbuds User Manual
WICKED AUDIO
Bright 021452 Mini Chopper Instruction Manual
Bright
Blomberg BOTR30102SS Over The Range Microwave Oven Instruction Manual
Blomberg
tekmar IOM-T-562 WiFi Thermostat 562 Installation Guide
tekmar
PENTAIR CPC104 Salt Chlorinator Commercial System Installation Guide
Pentair
Ramtons RM270 Traditional Electric Kettle User Manual
Ramtons
EATON Green Motion AC Chargers Secure Configuration User Guide
EATON
Contact Us   Privacy Policy   4.994ms