De definitieve versie van macOS 12 Monterey is uit en ik ben er nog geen  bugs in tegengekomen op mijn 16-inch MacBook Pro uit 2019. Maar Apple vergeet natuurlijk de gebruikers van Big Sur niet. Daarom staat er een update voor iedereen met macOS 11 Big Sur op Apple’s servers klaar.

Zoals je in de (karige) release notes hieronder kan zien is deze update alleen bedoeld om de veiligheid te verhogen. Maar kijk je op de pagina waarnaar in diezelfde release notes verwezen wordt dan blijkt er een enorme waslijst aan problemen te zijn verholpen.



Hieronder de complete lijst, die door zijn lengte nog eens duidelijk maakt hoezeer besturingssystemen constant onder vuur liggen.

AppleScript

Available for: macOS Big Sur
Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30876: Jeremy Brown, hjy79425575
CVE-2021-30879: Jeremy Brown, hjy79425575
CVE-2021-30877: Jeremy Brown
CVE-2021-30880: Jeremy Brown

Audio

Available for: macOS Big Sur
Impact: A malicious application may be able to elevate privileges
Description: An integer overflow was addressed through improved input validation.
CVE-2021-30907: Zweig of Kunlun Lab

Bluetooth

Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved state handling.
CVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America

ColorSync

Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation.
CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero

CoreGraphics

Available for: macOS Big Sur
Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-30919

FileProvider

Available for: macOS Big Sur
Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution
Description: An input validation issue was addressed with improved memory handling.
CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360

iCloud

Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30906: Cees Elzinga

Intel Graphics Driver

Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto

Intel Graphics Driver

Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: Multiple out-of-bounds write issues were addressed with improved bounds checking.
CVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong Lab, Yinyi Wu (@3ndy1), Jack Dates of RET2 Systems, Inc.

IOGraphics

Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video Communications

IOMobileFrameBuffer

Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2021-30883: an anonymous researcher

Kernel

Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2021-30909: Zweig of Kunlun Lab

Kernel

Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2021-30916: Zweig of Kunlun Lab

Model I/O

Available for: macOS Big Sur
Impact: Processing a maliciously crafted file may disclose user information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro

Model I/O

Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

SMB

Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs

SoftwareUpdate

Available for: macOS Big Sur
Impact: An unprivileged application may be able to edit NVRAM variables
Description: The issue was addressed with improved permissions logic.
CVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab

SoftwareUpdate

Available for: macOS Big Sur
Impact: A malicious application may gain access to a user's Keychain items
Description: The issue was addressed with improved permissions logic.
CVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab

UIKit

Available for: macOS Big Sur
Impact: A person with physical access to an iOS device may be able to determine characteristics of a user's password in a secure text entry field
Description: A logic issue was addressed with improved state management.
CVE-2021-30915: Kostas Angelopoulos

Windows Server

Available for: macOS Big Sur
Impact: A local attacker may be able to view the previous logged-in user’s desktop from the fast user switching screen
Description: An authentication issue was addressed with improved state management.
CVE-2021-30908: ASentientBot

zsh

Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts of the file system
Description: An inherited permissions issue was addressed with additional restrictions.
CVE-2021-30892: Jonathan Bar Or of Microsoft

#BigSur #macOS #Update

Tevens beschikbaar voor Catalina en heet dan:

macOS Catalina Security Update 2021-007 10.15.7

De verholpen issues zijn vrijwel hetzelfde als in de Big Sur update.