Apple Macos

A flaw was found in OpenLDAP

CVE-2020-25709 7.5 - High - May 18, 2021

A flaw was found in OpenLDAP. This flaw allows an attacker who can send a malicious packet to be processed by OpenLDAPs slapd server, to trigger an assertion failure. The highest threat from this vulnerability is to system availability.

assertion failure

A logic issue was addressed with improved state management

CVE-2021-1802 7.8 - High - April 02, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A local attacker may be able to elevate their privileges.

Improper Privilege Management

The issue was addressed with improved permissions logic

CVE-2021-1803 3.3 - Low - April 02, 2021

The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.0.1. A local application may be able to enumerate the user's iCloud documents.

An out-of-bounds write was addressed with improved input validation

CVE-2021-1805 7.8 - High - April 02, 2021

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A logic issue was addressed with improved state management

CVE-2021-1818 9.8 - Critical - April 02, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

A race condition was addressed with additional validation

CVE-2021-1806 7 - High - April 02, 2021

A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges.

Race Condition

A logic issue was addressed with improved restrictions

CVE-2021-1870 9.8 - Critical - April 02, 2021

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

A logic issue was addressed with improved restrictions

CVE-2021-1871 9.8 - Critical - April 02, 2021

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

An out-of-bounds read was addressed with improved input validation

CVE-2021-1790 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution.

Out-of-bounds Read

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-1753 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Read

This issue was addressed with improved checks

CVE-2021-1761 7.5 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.

This issue was addressed with improved checks

CVE-2021-1793 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

The issue was addressed with improved permissions logic

CVE-2021-1797 5.5 - Medium - April 02, 2021

The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files.

A port redirection issue was addressed with additional port validation

CVE-2021-1799 6.5 - Medium - April 02, 2021

A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on arbitrary servers.

This issue was addressed with improved iframe sandbox enforcement

CVE-2021-1801 6.5 - Medium - April 02, 2021

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.

A memory corruption issue was addressed with improved validation

CVE-2021-1844 8.8 - High - April 02, 2021

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Buffer Overflow

A logic issue was addressed with improved restrictions

CVE-2020-10008 5.5 - Medium - April 02, 2021

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.0.1. A malicious application with root privileges may be able to access private information.

An issue existed in screen sharing

CVE-2020-27893 6.5 - Medium - April 02, 2021

An issue existed in screen sharing. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A user with screen sharing access may be able to view another user's screen.

A use after free issue was addressed with improved memory management

CVE-2020-27899 7.8 - High - April 02, 2021

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1, watchOS 7.1, tvOS 14.2. A local attacker may be able to elevate their privileges.

Dangling pointer

A logic issue was addressed with improved restrictions

CVE-2020-27901 6.3 - Medium - April 02, 2021

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions.

AuthZ

A logic issue was addressed with improved restrictions

CVE-2020-27901 6.3 - Medium - April 02, 2021

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. A sandboxed process may be able to circumvent sandbox restrictions.

AuthZ

A memory corruption issue was addressed with improved memory handling

CVE-2020-27907 7.8 - High - April 02, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.

Buffer Overflow

A memory corruption issue was addressed with improved memory handling

CVE-2020-27907 7.8 - High - April 02, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.

Buffer Overflow

A memory corruption issue existed in the processing of font files

CVE-2020-27943 7.8 - High - April 02, 2021

A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in tvOS 14.3, iOS 14.3 and iPadOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.2. Processing a maliciously crafted font file may lead to arbitrary code execution.

Buffer Overflow

A memory corruption issue existed in the processing of font files

CVE-2020-27944 7.8 - High - April 02, 2021

A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution.

Buffer Overflow

This issue was addressed with improved checks

CVE-2020-27939 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.

An integer overflow was addressed with improved input validation

CVE-2020-27945 7.8 - High - April 02, 2021

An integer overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.0.1. Processing maliciously crafted web content may lead to arbitrary code execution.

Integer Overflow or Wraparound

A memory corruption issue was addressed with improved input validation

CVE-2020-29616 7.8 - High - April 02, 2021

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.

Buffer Overflow

An out-of-bounds read was addressed with improved input validation

CVE-2020-29618 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Read

An out-of-bounds read was addressed with improved input validation

CVE-2020-29619 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption.

Out-of-bounds Read

This issue was addressed with improved checks

CVE-2020-29621 5.5 - Medium - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to bypass Privacy preferences.

AuthZ

A memory corruption issue existed in the processing of font files

CVE-2020-29624 7.8 - High - April 02, 2021

A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font file may lead to arbitrary code execution.

Buffer Overflow

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2020-9955 7.8 - High - April 02, 2021

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. Processing a maliciously crafted image may lead to arbitrary code execution.

Memory Corruption

A use after free issue was addressed with improved memory management

CVE-2020-9975 7.8 - High - April 02, 2021

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An application may be able to execute arbitrary code with kernel privileges.

Dangling pointer

An out-of-bounds write was addressed with improved input validation

CVE-2021-1737 7.8 - High - April 02, 2021

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.

Memory Corruption

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-1743 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Read

An out-of-bounds read was addressed with improved input validation

CVE-2020-29615 5.5 - Medium - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted image may lead to a denial of service.

Out-of-bounds Read

This issue was addressed with improved setting propagation

CVE-2020-9978 4.5 - Medium - April 02, 2021

This issue was addressed with improved setting propagation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. An attacker in a privileged network position may be able to unexpectedly alter application state.

An out-of-bounds read was addressed with improved input validation

CVE-2021-1736 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Read

An out-of-bounds write was addressed with improved input validation

CVE-2021-1738 7.8 - High - April 02, 2021

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.

Memory Corruption

This issue was addressed with improved checks

CVE-2021-1742 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2020-27897 7.8 - High - April 02, 2021

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. An application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A memory corruption issue was addressed with improved input validation

CVE-2020-27947 7.8 - High - April 02, 2021

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An application may be able to execute arbitrary code with kernel privileges.

Buffer Overflow

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2020-27948 7.8 - High - April 02, 2021

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may lead to arbitrary code execution.

Memory Corruption

This issue was addressed with improved checks to prevent unauthorized actions

CVE-2020-27949 5.5 - Medium - April 02, 2021

This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may cause unexpected changes in memory belonging to processes traced by DTrace.

An out-of-bounds read was addressed with improved bounds checking

CVE-2020-29608 5.5 - Medium - April 02, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, watchOS 7.2. A remote attacker may be able to leak memory.

Out-of-bounds Read

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2020-29612 7.8 - High - April 02, 2021

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to execute arbitrary code with system privileges.

Memory Corruption

This issue was addressed with improved checks

CVE-2020-29625 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. Processing a maliciously crafted image may lead to arbitrary code execution.

A buffer overflow was addressed with improved size validation

CVE-2020-9962 7.8 - High - April 02, 2021

A buffer overflow was addressed with improved size validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted image may lead to arbitrary code execution.

Classic Buffer Overflow

A logic issue was addressed with improved validation

CVE-2020-9971 7.8 - High - April 02, 2021

A logic issue was addressed with improved validation. This issue is fixed in watchOS 7.0, tvOS 14.0, iOS 14.0 and iPadOS 14.0, macOS Big Sur 11.0.1. A malicious application may be able to elevate privileges.

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-1741 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Read

An information disclosure issue was addressed with improved state management

CVE-2020-27946 5.5 - Medium - April 02, 2021

An information disclosure issue was addressed with improved state management. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted font may result in the disclosure of process memory.

Information Disclosure

An out-of-bounds write was addressed with improved input validation

CVE-2020-27952 7.8 - High - April 02, 2021

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, macOS Big Sur 11.0.1. Processing a maliciously crafted font file may lead to arbitrary code execution.

Memory Corruption

An out-of-bounds read was addressed with improved input validation

CVE-2020-29610 5.5 - Medium - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in watchOS 7.2, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted audio file may disclose restricted memory.

Out-of-bounds Read

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2020-29611 7.8 - High - April 02, 2021

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to arbitrary code execution.

Memory Corruption

This issue was addressed with improved checks

CVE-2020-29614 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. Processing a maliciously crafted file may lead to heap corruption.

An out-of-bounds read was addressed with improved input validation

CVE-2020-29617 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 14.3, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, iCloud for Windows 12.0, watchOS 7.2. Processing a maliciously crafted image may lead to heap corruption.

Out-of-bounds Read

This issue was addressed with improved entitlements

CVE-2020-29620 7.8 - High - April 02, 2021

This issue was addressed with improved entitlements. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to elevate privileges.

Improper Privilege Management

"Clear History and Website Data" did not clear the history

CVE-2020-29623 3.3 - Low - April 02, 2021

"Clear History and Website Data" did not clear the history. The issue was addressed with improved data deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing history.

An authentication issue was addressed with improved state management

CVE-2020-29633 8.8 - High - April 02, 2021

An authentication issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. An attacker in a privileged network position may be able to bypass authentication policy.

authentification

An out-of-bounds read was addressed with improved input validation

CVE-2020-9956 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted font file may lead to arbitrary code execution.

Out-of-bounds Read

An out-of-bounds read was addressed with improved input validation

CVE-2020-9960 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted audio file may lead to arbitrary code execution.

Out-of-bounds Read

Multiple memory corruption issues were addressed with improved input validation

CVE-2020-9967 7.8 - High - April 02, 2021

Multiple memory corruption issues were addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. A remote attacker may be able to cause unexpected system termination or corrupt kernel memory.

Buffer Overflow

This issue was addressed with improved checks

CVE-2021-1746 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

An out-of-bounds write was addressed with improved input validation

CVE-2021-1747 7.8 - High - April 02, 2021

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing maliciously crafted web content may lead to code execution.

Memory Corruption

A logic issue was addressed with improved state management

CVE-2021-1751 7.8 - High - April 02, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-1754 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-1757 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.

Out-of-bounds Read

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-1768 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

Out-of-bounds Read

A logic issue was addressed with improved validation

CVE-2021-1769 5.5 - Medium - April 02, 2021

A logic issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication.

A use after free issue was addressed with improved memory management

CVE-2021-1764 7.5 - High - April 02, 2021

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause a denial of service.

Dangling pointer

This issue was addressed with improved iframe sandbox enforcement

CVE-2021-1765 6.5 - Medium - April 02, 2021

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.

This issue was addressed with improved checks

CVE-2021-1766 5.5 - Medium - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.

A logic issue was addressed with improved state management

CVE-2021-1773 5.5 - Medium - April 02, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.

This issue was addressed with improved checks

CVE-2021-1774 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

This issue was addressed by removing the vulnerable code

CVE-2021-1775 7.8 - High - April 02, 2021

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted font may lead to arbitrary code execution.

An out-of-bounds write issue was addressed with improved bounds checking

CVE-2021-1776 7.8 - High - April 02, 2021

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted font file may lead to arbitrary code execution.

Memory Corruption

This issue was addressed with improved checks

CVE-2021-1777 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

An out-of-bounds read issue existed in the curl

CVE-2021-1778 5.5 - Medium - April 02, 2021

An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to a denial of service.

Out-of-bounds Read

A logic error in kext loading was addressed with improved state handling

CVE-2021-1779 7.8 - High - April 02, 2021

A logic error in kext loading was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. An application may be able to execute arbitrary code with system privileges.

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-1758 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.

Out-of-bounds Read

An out-of-bounds read was addressed with improved input validation

CVE-2021-1759 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Read

A memory corruption issue was addressed with improved state management

CVE-2021-1760 5.5 - Medium - April 02, 2021

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application could execute arbitrary code leading to compromise of user information.

Buffer Overflow

A buffer overflow was addressed with improved bounds checking

CVE-2021-1763 7.8 - High - April 02, 2021

A buffer overflow was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

Classic Buffer Overflow

This issue was addressed with improved checks

CVE-2021-1767 7.8 - High - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to heap corruption.

Buffer Overflow

A privacy issue existed in the handling of Contact cards

CVE-2021-1781 5.5 - Medium - April 02, 2021

A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A malicious application may be able to leak sensitive user information.

A race condition was addressed with improved locking

CVE-2021-1782 7 - High - April 02, 2021

A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited..

Improper Privilege Management

An access issue was addressed with improved memory management

CVE-2021-1783 7.8 - High - April 02, 2021

An access issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

An out-of-bounds read was addressed with improved input validation

CVE-2021-1785 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Out-of-bounds Read

A lock screen issue allowed access to contacts on a locked device

CVE-2021-1755 2.4 - Low - April 02, 2021

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.0.1. A person with physical access to an iOS device may be able to access contacts from the lock screen.

AuthZ

A stack overflow was addressed with improved input validation

CVE-2021-1772 7.8 - High - April 02, 2021

A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution.

Memory Corruption

A logic issue was addressed with improved state management

CVE-2021-1786 5.5 - Medium - April 02, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to create or modify system files.

Multiple issues were addressed with improved logic

CVE-2021-1787 7.8 - High - April 02, 2021

Multiple issues were addressed with improved logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local attacker may be able to elevate their privileges.

Improper Privilege Management

A use after free issue was addressed with improved memory management

CVE-2021-1788 8.8 - High - April 02, 2021

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Dangling pointer

A type confusion issue was addressed with improved state handling

CVE-2021-1789 8.8 - High - April 02, 2021

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Object Type Confusion

An out-of-bounds read issue existed that led to the disclosure of kernel memory

CVE-2021-1791 5.5 - Medium - April 02, 2021

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory.

Out-of-bounds Read

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-1792 8.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution.

Out-of-bounds Read

An out-of-bounds write was addressed with improved input validation

CVE-2021-1744 7.8 - High - April 02, 2021

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution.

Memory Corruption

An out-of-bounds read was addressed with improved input validation

CVE-2021-1745 7.8 - High - April 02, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

Out-of-bounds Read

This issue was addressed with improved checks

CVE-2021-1771 3.3 - Low - April 02, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. A user that is removed from an iMessage group could rejoin the group.