About the security content of macOS Monterey 12.1

This document describes the security content of macOS Monterey 12.1.

About Apple security updates

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

macOS Monterey 12.1

Released December 13, 2021

Airport

Available for: macOS Monterey

Impact: A device may be passively tracked via BSSIDs

Description: An access issue was addressed with improved access restrictions.

CVE-2021-30987: Jason Meller, Fritz Ifert-Miller, and Joseph Sokol-Margolis of Kolide

Archive Utility

Available for: macOS Monterey

Impact: A malicious application may bypass Gatekeeper checks

Description: A logic issue was addressed with improved state management.

CVE-2021-30950: @gorelics

Audio

Available for: macOS Monterey

Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab

Bluetooth

Available for: macOS Monterey

Impact: A device may be passively tracked by its Bluetooth MAC address

Description: A device configuration issue was addressed with an updated configuration.

CVE-2021-30986: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.

CFNetwork Proxies

Available for: macOS Monterey

Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations

Description: A logic issue was addressed with improved state management.

CVE-2021-30966: Michal Rajcan of Jamf, Matt Vlasach of Jamf (Wandera)

ColorSync

Available for: macOS Monterey

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation.

CVE-2021-30926: Jeremy Brown

CVE-2021-30942: Mateusz Jurczyk of Google Project Zero

CoreAudio

Available for: macOS Monterey

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: A buffer overflow was addressed with improved memory handling.

CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab

Entry updated May 25, 2022

CoreAudio

Available for: macOS Monterey

Impact: Playing a malicious audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab

CoreBluetooth

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A logic issue was addressed with improved validation.

CVE-2021-30935: an anonymous researcher

Entry added May 25, 2022

Crash Reporter

Available for: macOS Monterey

Impact: A local attacker may be able to elevate their privileges

Description: This issue was addressed with improved checks.

CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

File Provider

Available for: macOS Monterey

Impact: A malicious application may be able to bypass Privacy preferences

Description: A permissions issue was addressed with improved validation.

CVE-2021-31007: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added May 25, 2022

FontParser

Available for: macOS Monterey

Impact: Processing a maliciously crafted font may result in the disclosure of process memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-31013: Daniel Lim Wee Soong of STAR Labs

Entry added September 16, 2022

Game Center

Available for: macOS Monterey

Impact: A malicious application may be able to read sensitive contact information

Description: A permissions issue was addressed with improved validation.

CVE-2021-31000: Denis Tokarev (@illusionofcha0s)

Entry added May 25, 2022

Graphics Drivers

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2021-30977: Jack Dates of RET2 Systems, Inc.

ImageIO

Available for: macOS Monterey

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30939: Mickey Jin (@patch1t) of Trend Micro, Jaewon Min of Cisco Talos, Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

Entry updated May 25, 2022

Intel Graphics Driver

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2021-30981: Liu Long of Ant Security Light-Year Lab, Jack Dates of RET2 Systems, Inc.

Entry updated May 25, 2022

IOMobileFrameBuffer

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30996: Saar Amar (@AmarSaar)

IOUSBHostFamily

Available for: macOS Monterey

Impact: A remote attacker may be able to cause unexpected application termination or heap corruption

Description: A race condition was addressed with improved locking.

CVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America

Kernel

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2021-30937: Sergei Glazunov of Google Project Zero

Kernel

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30927: Xinru Chi of Pangu Lab

CVE-2021-30980: Xinru Chi of Pangu Lab

Kernel

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30949: Ian Beer of Google Project Zero

Kernel

Available for: macOS Monterey

Impact: An attacker in a privileged network position may be able to execute arbitrary code

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero

Kernel

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30955: Zweig of Kunlun Lab

LaunchServices

Available for: macOS Monterey

Impact: A malicious application may bypass Gatekeeper checks

Description: A logic issue was addressed with improved state management.

CVE-2021-30976: chenyuwang (@mzzzz__) and Kirin (@Pwnrin) of Tencent Security Xuanwu Lab

LaunchServices

Available for: macOS Monterey

Impact: A malicious application may bypass Gatekeeper checks

Description: A logic issue was addressed with improved validation.

CVE-2021-30990: Ron Masas of BreakPoint.sh

Messages

Available for: macOS Monterey

Impact: A malicious user may be able to leave a messages group but continue to receive messages in that group

Description: An issue in the handling of group membership was resolved with improved logic.

CVE-2021-30943: Joshua Sardella

Entry added May 25, 2022

Model I/O

Available for: macOS Monterey

Impact: Multiple issues in HDF5

Description: Multiple issues were addressed by removing HDF5.

CVE-2021-31009: Mickey Jin (@patch1t) of Trend Micro

Entry added May 25, 2022

Model I/O

Available for: macOS Monterey

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30971: Ye Zhang (@co0py_Cat) of Baidu Security

Model I/O

Available for: macOS Monterey

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30973: Ye Zhang (@co0py_Cat) of Baidu Security

Model I/O

Available for: macOS Monterey

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

Model I/O

Available for: macOS Monterey

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro

Model I/O

Available for: macOS Monterey

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

Preferences

Available for: macOS Monterey

Impact: A malicious application may be able to elevate privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)

Sandbox

Available for: macOS Monterey

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions.

CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security

Sandbox

Available for: macOS Monterey

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30946: @gorelics, and Ron Masas of BreakPoint.sh

Entry updated May 11, 2023

Sandbox

Available for: macOS Monterey

Impact: An application may be able to access a user's files

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security

Script Editor

Available for: macOS Monterey

Impact: A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions

Description: This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary.

CVE-2021-30975: Ryan Pickren (ryanpickren.com)

SQLite

Available for: macOS Monterey

Impact: A malicious app may be able to access data from other apps by enabling additional logging

Description: A logic issue was addressed with improved state management.

CVE-2021-30944: Wojciech Reguła (@_r3ggi) of SecuRing

Entry added May 25, 2022

TCC

Available for: macOS Monterey

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: This issue was addressed with improved checks.

CVE-2021-30972: Xuxiang Yang (@another1024), Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com), Csaba Fitzl (@theevilbit) of Offensive Security, jhftss (@patch1t), Wojciech Reguła (@_r3ggi)

Entry added May 25, 2022

TCC

Available for: macOS Monterey

Impact: A local user may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved state management.

CVE-2021-30767: @gorelics

TCC

Available for: macOS Monterey

Impact: A malicious application may be able to bypass Privacy preferences

Description: An inherited permissions issue was addressed with additional restrictions.

CVE-2021-30964: Andy Grant of Zoom Video Communications

TCC

Available for: macOS Monterey

Impact: A malicious application may be able to bypass Privacy preferences

Description: A logic issue was addressed with improved state management.

CVE-2021-30970: Jonathan Bar Or of Microsoft

TCC

Available for: macOS Monterey

Impact: A malicious application may be able to cause a denial of service to Endpoint Security clients

Description: A logic issue was addressed with improved state management.

CVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security

WebKit

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30934: Dani Biro

WebKit

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30936: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

CVE-2021-30951: Pangu via Tianfu Cup

Entry updated May 25, 2022

WebKit

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An integer overflow was addressed with improved input validation.

CVE-2021-30952: @18f and @jq0904 of DBAPP Security‘s weibin lab via Tianfu Cup

Entry updated May 25, 2022

WebKit

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A race condition was addressed with improved state handling.

CVE-2021-30984: Kunlun Lab via Tianfu Cup

Entry updated May 25, 2022

WebKit

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30953: Jianjun Dai of 360 Vulnerability Research Institute via Tianfu Cup

Entry updated May 25, 2022

WebKit

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved memory handling.

CVE-2021-30954: Kunlun Lab Kunlun Lab via Tianfu Cup

Entry updated May 25, 2022

Wi-Fi

Available for: macOS Monterey

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: This issue was addressed with improved checks.

CVE-2021-30938: Xinru Chi of Pangu Lab

Additional recognition

Admin Framework

We would like to acknowledge Simon Andersen of Aarhus University and Pico Mitchell for their assistance.

Bluetooth

We would like to acknowledge Haram Park, Korea University for their assistance.

CloudKit

We would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.

ColorSync

We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance.

Contacts

We would like to acknowledge Minchan Park (03stin) for their assistance.

Kernel

We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance.

Model I/O

We would like to acknowledge Rui Yang and Xingwei Lin of Ant Security Light-Year Lab for their assistance.

Password Manager

We would like to acknowledge Pascal Wagler for their assistance.

Entry added May 25, 2022

Security

We would like to acknowledge Halle Winkler (@Politepix) of Politepix for their assistance.

Entry added May 25, 2022

WebKit

We would like to acknowledge Peter Snyder of Brave and Soroush Karami for their assistance.

Entry updated May 25, 2022

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Ngày đăng: