macOS Big Sur 11.5
Yesterday APPLE released macOS Big Sur 11.5. After almost 2 months they released a major upgrade in macOS. This particular release can be the final release of big sur 11. As we know that macOS Monterey is on going(beta).
This particular update comes with a great improvements and bug fixes. Big Sur is now mostly stable. No major bugs or hick-up. But in 11.4 there were some issues with weather app and other stock app crashing. So a update was necessary and Apple did it.
Download the update here:
https://apps.apple.com/us/app/macos-big-sur/id1526878132?mt=12
Here is the key note of the release:
macOS Big Sur 11.5
Released July 21, 2021
AMD Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved input validation.
CVE-2021-30805: ABC Research s.r.o
AppKit
Available for: macOS Big Sur
Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution
Description: An information disclosure issue was addressed by removing the vulnerable code.
CVE-2021-30790: hjy79425575 working with Trend Micro Zero Day Initiative
Audio
Available for: macOS Big Sur
Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30781: tr3e
AVEVideoEncoder
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30748: George Nosenko
CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: macOS Big Sur
Impact: Playing a malicious audio file may lead to an unexpected application termination
Description: A logic issue was addressed with improved validation.
CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab
CoreGraphics
Available for: macOS Big Sur
Impact: Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution
Description: A race condition was addressed with improved state handling.
CVE-2021-30786: ryuzaki
CoreServices
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: This issue was addressed with improved checks.
CVE-2021-30772: Zhongcheng Li (CK01)
CoreServices
Available for: macOS Big Sur
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: An access issue was addressed with improved access restrictions.
CVE-2021-30783: Ron Waisberg (@epsilan)
CoreStorage
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: An injection issue was addressed with improved validation.
CVE-2021-30777: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc
CoreText
Available for: macOS Big Sur
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30789: Mickey Jin (@patch1t) of Trend Micro, Sunglin of Knownsec 404 team
Crash Reporter
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30774: Yizhuo Wang of Group of Software Security In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University
CVMS
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video Communications
dyld
Available for: macOS Big Sur
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A logic issue was addressed with improved validation.
CVE-2021-30768: Linus Henze (pinauten.de)
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: An integer overflow was addressed through improved input validation.
CVE-2021-30760: Sunglin of Knownsec 404 team
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A stack overflow was addressed with improved input validation.
CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day Initiative
Identity Services
Available for: macOS Big Sur
Impact: A malicious application may be able to access a user’s recent Contacts
Description: A permissions issue was addressed with improved validation.
CVE-2021-30803: Csaba Fitzl (@theevilbit) of Offensive Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30779: Jzhu, Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2021-30785: CFF of Topsec Alpha Team, Mickey Jin (@patch1t) of Trend Micro
Intel Graphics Driver
Available for: macOS Big Sur
Impact: An application may be able to cause unexpected system termination or write kernel memory
Description: This issue was addressed with improved checks.
CVE-2021-30787: Anonymous working with Trend Micro Zero Day Initiative
Intel Graphics Driver
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-30766: Liu Long of Ant Security Light-Year Lab
CVE-2021-30765: Liu Long of Ant Security Light-Year Lab
IOKit
Available for: macOS Big Sur
Impact: A local attacker may be able to execute code on the Apple T2 Security Chip
Description: Multiple issues were addressed with improved logic.
CVE-2021-30784: George Nosenko
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved state management.
CVE-2021-30793: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong Lab
Kext Management
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy preferences
Description: This issue was addressed with improved entitlements.
CVE-2021-30778: Csaba Fitzl (@theevilbit) of Offensive Security
libxml2
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-3518
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: A logic issue was addressed with improved validation.
CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-30792: Anonymous working with Trend Micro Zero Day Initiative
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted file may disclose user information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30791: Anonymous working with Trend Micro Zero Day Initiative
Sandbox
Available for: macOS Big Sur
Impact: A malicious application may be able to access restricted files
Description: This issue was addressed with improved checks.
CVE-2021-30782: Csaba Fitzl (@theevilbit) of Offensive Security
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass certain Privacy preferences
Description: A logic issue was addressed with improved state management.
CVE-2021-30798: Mickey Jin (@patch1t) of Trend Micro
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved state handling.
CVE-2021-30758: Christoph Guttandin of Media Codings
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2021-30795: Sergei Glazunov of Google Project Zero
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to code execution
Description: This issue was addressed with improved checks.
CVE-2021-30797: Ivan Fratric of Google Project Zero
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2021-30799: Sergei Glazunov of Google Project Zero
Posts
 Finally ){kind=link}
0 Comments