Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.

• iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.
• iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.
• Safari is a graphical web browser developed by Apple, based on the WebKit engine.
• watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system.
• macOS Big Sur is the 17th and current major release of macOS.
• macOS Catalina is the 16th major release of macOS.
• macOS Mojave is the 15th major release of macOS.
• tvOS is an operating system for fourth-generation Apple TV digital media player.
  Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution with kernel or root privileges.

There are no reports of these vulnerabilities being exploited in the wild.

Multiple vulnerabilities have been discovered in Apple macOS/iOS, the most severe of which could allow for arbitrary code execution with kernel or root privileges. Details of these vulnerabilities are as follows:

• A shortcut may be able to bypass Internet permission requirements due to an input validation issue in ActionKit (CVE-2021-30763)
• A memory corruption issue in the AMD kernel may lead to arbitrary code execution with kernel privileges (CVE-2021-30805)
• Opening a maliciously crafted file may lead to unexpected AppKit termination or arbitrary code execution (CVE-2021-30790)
• A local attacker may be able to cause unexpected application termination or arbitrary code execution via Audio (CVE-2021-30781)
• A memory corruption issue within AVEVideoEncoder may lead to arbitrary code execution with kernel privileges (CVE-2021-30748)
• A malicious application may be able to gain root privileges due to a memory corruption issue in Bluetooth (CVE-2021-30672)
• Processing a maliciously crafted audio file may lead to arbitrary code execution due to a memory corruption issue in CoreAudio (CVE-2021-30775)
• Playing a malicious audio file may lead to unexpected application termination due to a logic issue with input validation in CoreAudio (CVE-2021-30776)
• Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution due to a race condition in CoreGraphics (CVE-2021-30786)
• A malicious application may be able to gain root privileges via CoreServices, and a sandboxed process may be able to circumvent restrictions (CVE-2021-30772, CVE-2021-30783)
• A malicious application may be able to gain root privileges due to an injection issue in CoreStorage (CVE-2021-30777)
• Processing a maliciously crafted font file may lead to arbitrary code execution or process memory disclosure due to out-of-bounds reads in CoreText (CVE-2021-30789, CVE-2021-30733)
• A malicious application may be able to gain root privileges due to a logic issue within Crash Reporter (CVE-2021-30774)
• A malicious application may be able to gain root privileges due to an out-of-bounds write issue in CVMS (CVE-2021-30780)
• A sandboxed process may be able to circumvent sandbox restrictions due to a logic issue in dyld (CVE-2021-30768)
• A malicious application may be able to access Find My data due to a permissions issue (CVE-2021-30804)
• Processing a maliciously crafted font file may lead to arbitrary code execution due to integer and stack overflows in FontParser (CVE-2021-30760, CVE-2021-30759)
• Processing a maliciously crafted tiff file with FontParser may lead to a denial-of-service or potentially disclose memory contents (CVE-2021-30788)
• A malicious application may be able to access a user’s recent Contacts due to a permissions issue in Identity Services (CVE-2021-30803)
• A malicious application may be able to bypass code signing checks due to a code signature validation issue in Identity Services (CVE-2021-30773)
• Processing maliciously crafted web content may lead to arbitrary code execution due to a use after free iddue in Image Processing (CVE-2021-30802)
• Processing a maliciously crafted image with may lead to arbitrary code execution due to a buffer overflow in ImageIO (CVE-2021-30779, CVE-2021-30785)
• An application may be able to cause unexpected system termination or write kernel memory due to an issue in Intel Graphics Driver (CVE-2021-30787)
• An application may be able to execute arbitrary code with kernel privileges due to an out-of-bounds write issue in Intel Graphics Driver (CVE-2021-30765, CVE-2021-30766)
• An unprivileged application may be able to capture USB devices due to an issue in IOUSBHostFamily (CVE-2021-30731)
• A local attacker may be able to execute code on the Apple T2 Security Chip due to multiple logic issues in IOKit (CVE-2021-30784)
• An application may be able to execute arbitrary code with kernel privileges due to logic issues in state management and double free issues in the kernel (CVE-2021-30703, CVE-2021-30793)
• A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication due to a kernel logic issue (CVE-2021-30769)
• An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations due to a kernel logic issue (CVE-2021-30770)
• A malicious application may be able to bypass Privacy preferences due to entitlement issues in Kext Management (CVE-2021-30778)
• A malicious application or sandboxed process may be able to break out of its sandbox or restrictions due to environment sanitization and access restriction issues in LaunchServices (CVE-2021-30677, CVE-2021-30783)
• A remote attacker may be able to cause arbitrary code execution due to an issue in libxml2 (CVE-2021-3518)
• Multiple issues were found in libwebp (CVE-2018-25010, CVE-2018-25011, CVE-2018-25014, CVE-2020-36328, CVE-2020-36329, CVE-2020-36330, CVE-2020-36331)
• Processing a maliciously crafted image may lead to a denial of service due to a logic issue in Model I/O (CVE-2021-30796)
• Processing a maliciously crafted image may lead to arbitrary code execution due to an out-of-bounds write in Model I/O (CVE-2021-30792)
• Processing a maliciously crafted file may disclose user information due to an out-of-bounds read in Model I/O (CVE-2021-30791)
• A malicious application may be able to access restricted files due to an issue in Sandbox (CVE-2021-30782)
• A malicious application may be able to bypass certain Privacy preferences due to a logic issue in TCC (CVE-2021-30798)
• Processing maliciously crafted web content may lead to arbitrary code execution due to type confusion, use after free, and memory corruption issues in WebKit (CVE-2021-30758, CVE-2021-30795, CVE-2027-30797, CVE-2021-30799)
• Joining a malicious Wi-Fi network may result in a denial of service or arbitrary code execution (CVE-2021-30800)

We recommend the following actions be taken:

• Apply appropriate patches provided by Apple to vulnerable systems immediately after appropriate testing.
• Run all software as a nonprivileged user (one without administrative privileges) to diminish the effects of a successful attack.
• Remind users not to download, accept or execute files from untrusted and unknown sources.
• Remind users not to visit untrusted websites or follow links provided by untrusted or unknown sources.
• Evaluate read, write, and execute permissions on all newly installed software.
• Apply the Principle of Least Privilege to all systems and services.