Multiple vulnerabilities have been discovered in Apple Products

Jul 22, 2021 | Advisories

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

  • iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
  • iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
  • Safari is a graphical web browser developed by Apple, based on the WebKit engine.
  • watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system.
  • macOS Big Sur is the 17th and current major release of macOS.
  • macOS Catalina is the 16th major release of macOS.
  • macOS Mojave is the 15th major release of macOS.
  • tvOS is an operating system for the fourth-generation Apple TV digital media player.

Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution with kernel or root privileges.

THREAT INTELLIGENCE: There are no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:

  • macOS Big Sur versions prior to 11.5
  • macOS Catalina prior to security update 2021-004
  • macOS Mojave prior to security update 2021-005
  • iOS and iPadOS versions prior to 14.7
  • Safari versions prior to 14.1.2
  • watchOS versions prior to 7.6
  • tvOS versions prior to 14.7
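The thresholds above can be applied to a device inventory for patch triage. The following is an added example, not part of the original advisory; the inventory rows and the function names are constructed for illustration. Versions are compared numerically, and Catalina and Mojave are flagged for manual verification because their fix ships as a security update rather than a new version number.

```python
# Added example: triage an inventory against the fixed versions listed in
# SYSTEMS AFFECTED. Inventory rows below are constructed sample data.

FIXED = {
    "macos big sur": (11, 5),
    "ios": (14, 7),
    "ipados": (14, 7),
    "safari": (14, 1, 2),
    "watchos": (7, 6),
    "tvos": (14, 7),
}
# Fixed by a security update, so the OS version string alone proves nothing.
SECURITY_UPDATE = {
    "macos catalina": "Security Update 2021-004",
    "macos mojave": "Security Update 2021-005",
}

def parse_version(text):
    """Turn '14.10.1' into (14, 10, 1) so comparison is numeric, not lexical."""
    return tuple(int(part) for part in text.strip().split("."))

def pad(version, width):
    """Right-pad with zeros so '14.1' compares as 14.1.0."""
    return version + (0,) * (width - len(version))

def triage(product, version):
    key = product.strip().lower()
    if key in SECURITY_UPDATE:
        return "verify " + SECURITY_UPDATE[key]
    if key not in FIXED:
        return "not covered"
    try:
        have = parse_version(version)
    except ValueError:
        return "unparseable version"
    fixed = FIXED[key]
    width = max(len(have), len(fixed))
    return "vulnerable" if pad(have, width) < pad(fixed, width) else "patched"

INVENTORY = [  # constructed sample rows
    ("iOS", "14.6"), ("iOS", "14.10"), ("Safari", "14.1.1"),
    ("macOS Big Sur", "11.4"), ("macOS Catalina", "10.15.7"), ("watchOS", "7.6"),
]

if __name__ == "__main__":
    for product, version in INVENTORY:
        print("%-16s %-8s %s" % (product, version, triage(product, version)))
```
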

RISK:
Government:

  • Large and medium government entities: High
  • Small government entities: Medium

Businesses:

  • Large and medium business entities: High
  • Small business entities: Medium

Home users: Low

TECHNICAL SUMMARY:

Multiple vulnerabilities have been discovered in Apple macOS/iOS, the most severe of which could allow for arbitrary code execution with kernel or root privileges. Details of these vulnerabilities are as follows:

  • A shortcut may be able to bypass Internet permission requirements due to an input validation issue in ActionKit (CVE-2021-30763)
  • A memory corruption issue in the AMD kernel may lead to arbitrary code execution with kernel privileges (CVE-2021-30805)
  • Opening a maliciously crafted file may lead to unexpected AppKit termination or arbitrary code execution (CVE-2021-30790)
  • A local attacker may be able to cause unexpected application termination or arbitrary code execution via Audio (CVE-2021-30781)
  • A memory corruption issue within AVEVideoEncoder may lead to arbitrary code execution with kernel privileges (CVE-2021-30748)
  • A malicious application may be able to gain root privileges due to a memory corruption issue in Bluetooth (CVE-2021-30672)
  • Processing a maliciously crafted audio file may lead to arbitrary code execution due to a memory corruption issue in CoreAudio (CVE-2021-30775)
  • Playing a malicious audio file may lead to unexpected application termination due to a logic issue with input validation in CoreAudio (CVE-2021-30776)
  • Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution due to a race condition in CoreGraphics (CVE-2021-30786)
  • A malicious application may be able to gain root privileges via CoreServices, and a sandboxed process may be able to circumvent restrictions (CVE-2021-30772, CVE-2021-30783)
  • A malicious application may be able to gain root privileges due to an injection issue in CoreStorage (CVE-2021-30777)
  • Processing a maliciously crafted font file may lead to arbitrary code execution or process memory disclosure due to out-of-bounds reads in CoreText (CVE-2021-30789, CVE-2021-30733)
  • A malicious application may be able to gain root privileges due to a logic issue within Crash Reporter (CVE-2021-30774)
  • A malicious application may be able to gain root privileges due to an out-of-bounds write issue in CVMS (CVE-2021-30780)
  • A sandboxed process may be able to circumvent sandbox restrictions due to a logic issue in dyld (CVE-2021-30768)
  • A malicious application may be able to access Find My data due to a permissions issue (CVE-2021-30804)
  • Processing a maliciously crafted font file may lead to arbitrary code execution due to integer and stack overflows in FontParser (CVE-2021-30760, CVE-2021-30759)
  • Processing a maliciously crafted TIFF file with FontParser may lead to a denial-of-service or potentially disclose memory contents (CVE-2021-30788)
  • A malicious application may be able to access a user’s recent Contacts due to a permissions issue in Identity Services (CVE-2021-30803)
  • A malicious application may be able to bypass code signing checks due to a code signature validation issue in Identity Services (CVE-2021-30773)
  • Processing maliciously crafted web content may lead to arbitrary code execution due to a use after free issue in Image Processing (CVE-2021-30802)
  • Processing a maliciously crafted image may lead to arbitrary code execution due to a buffer overflow in ImageIO (CVE-2021-30779, CVE-2021-30785)
  • An application may be able to cause unexpected system termination or write kernel memory due to an issue in Intel Graphics Driver (CVE-2021-30787)
  • An application may be able to execute arbitrary code with kernel privileges due to an out-of-bounds write issue in Intel Graphics Driver (CVE-2021-30765, CVE-2021-30766)
  • An unprivileged application may be able to capture USB devices due to an issue in IOUSBHostFamily (CVE-2021-30731)
  • A local attacker may be able to execute code on the Apple T2 Security Chip due to multiple logic issues in IOKit (CVE-2021-30784)
  • An application may be able to execute arbitrary code with kernel privileges due to logic issues in state management and double free issues in the kernel (CVE-2021-30703, CVE-2021-30793)
  • A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication due to a kernel logic issue (CVE-2021-30769)
  • An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations due to a kernel logic issue (CVE-2021-30770)
  • A malicious application may be able to bypass Privacy preferences due to entitlement issues in Kext Management (CVE-2021-30778)
  • A malicious application or sandboxed process may be able to break out of its sandbox or restrictions due to environment sanitization and access restriction issues in LaunchServices (CVE-2021-30677, CVE-2021-30783)
  • A remote attacker may be able to cause arbitrary code execution due to an issue in libxml2 (CVE-2021-3518)
  • Multiple issues were found in libwebp (CVE-2018-25010, CVE-2018-25011, CVE-2018-25014, CVE-2020-36328, CVE-2020-36329, CVE-2020-36330, CVE-2020-36331)
  • Processing a maliciously crafted image may lead to a denial of service due to a logic issue in Model I/O (CVE-2021-30796)
  • Processing a maliciously crafted image may lead to arbitrary code execution due to an out-of-bounds write in Model I/O (CVE-2021-30792)
  • Processing a maliciously crafted file may disclose user information due to an out-of-bounds read in Model I/O (CVE-2021-30791)
  • A malicious application may be able to access restricted files due to an issue in Sandbox (CVE-2021-30782)
  • A malicious application may be able to bypass certain Privacy preferences due to a logic issue in TCC (CVE-2021-30798)
  • Processing maliciously crafted web content may lead to arbitrary code execution due to type confusion, use after free, and memory corruption issues in WebKit (CVE-2021-30758, CVE-2021-30795, CVE-2021-30797, CVE-2021-30799)
  • Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution (CVE-2021-30800)

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate patches provided by Apple to vulnerable systems immediately after appropriate testing.
  • Run all software as a nonprivileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to download, accept or execute files from untrusted and unknown sources.
  • Remind users not to visit untrusted websites or follow links provided by untrusted or unknown sources.
  • Evaluate read, write, and execute permissions on all newly installed software.
  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:
Apple:
https://support.apple.com/en-us/HT201222

https://support.apple.com/en-us/HT212600

https://support.apple.com/en-us/HT212601

https://support.apple.com/en-us/HT212602

https://support.apple.com/en-us/HT212603

https://support.apple.com/en-us/HT212604

https://support.apple.com/en-us/HT212605

https://support.apple.com/en-us/HT212606

CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25010

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25011

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-25014

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36328

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36329

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36330

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-36331

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3518

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30672

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30677

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30703

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30731

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30733

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30748

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30758

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30759

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30760

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30763

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30765

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30766

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30768

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30769

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30770

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30772

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30773

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30774

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30775

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30776

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30777

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30778

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30779

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30780

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30781

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30782

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30783

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30784

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30785

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30786

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30787

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30788

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30789

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30790

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30791

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30792

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30793

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30795

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30796

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30797

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30798

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30799

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30800

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30802

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30803

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30804

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30805