macOS Monterey 12 リリース及び macOS Monterey 12.0.1 のセキュリティコンテンツについて (2021.10.25)

(2021年10月27日掲載)

Apple より macOS Monterey(12)がリリースされました。提供は App Store からとなります。
アップデート前には必ずバックアップを取得した上での作業をお勧めいたします。

なお、リリース後にmacOS Monterey 12.0.1 がリリースされております。以下の項目に関するものとなっておりますので、セキュリティコンテンツについての内容より引用致します。※英語版からの引用となります。


macOS Monterey 12.0.1

Released October 25, 2021


AppKit

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A malicious application may be able to elevate privileges

Description: A logic issue was addressed with improved state management.

CVE-2021-30873: Thijs Alkemade of Computest


AppleScript

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30876: Jeremy Brown, hjy79425575
CVE-2021-30879: Jeremy Brown, hjy79425575
CVE-2021-30877: Jeremy Brown
CVE-2021-30880: Jeremy Brown


Audio

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A malicious application may be able to elevate privileges

Description: An integer overflow was addressed through improved input validation.

CVE-2021-30907: Zweig of Kunlun Lab


Bluetooth

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America


ColorSync

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation.

CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero


Continuity Camera

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30903: an anonymous researcher


CoreAudio

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro


CoreGraphics

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2021-30919


FileProvider

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution

Description: An input validation issue was addressed with improved memory handling.

CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360


Game Center

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A malicious application may be able to access information about a user's contacts

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30895: Denis Tokarev


Game Center

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A malicious application may be able to read user's gameplay data

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30896: Denis Tokarev


iCloud

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A local attacker may be able to elevate their privileges

Description: This issue was addressed with improved checks.

CVE-2021-30906: Cees Elzinga


Intel Graphics Driver

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto


Intel Graphics Driver

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: Multiple out-of-bounds write issues were addressed with improved bounds checking.

CVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong Lab, Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab, Jack Dates of RET2 Systems, Inc.


IOGraphics

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video Communications


IOMobileFrameBuffer

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30883: an anonymous researcher


Kernel

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30886: @0xalsr


Kernel

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30909: Zweig of Kunlun Lab


Kernel

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30916: Zweig of Kunlun Lab


LaunchServices

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A logic issue was addressed with improved state management.

CVE-2021-30864: Ron Hass (@ronhass7) of Perception Point


Login Window

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A person with access to a host Mac may be able to bypass the Login Window in Remote Desktop for a locked instance of macOS

Description: This issue was addressed with improved checks.

CVE-2021-30813: Benjamin Berger of BBetterTech LLC, Peter Goedtkindt of Informatique-MTF S.A., an anonymous researcher


Model I/O

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro


Model I/O

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab


Sandbox

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A local attacker may be able to read sensitive information

Description: A permissions issue was addressed with improved validation.

CVE-2021-30920: Csaba Fitzl (@theevilbit) of Offensive Security


SMB

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs


SoftwareUpdate

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A malicious application may gain access to a user's Keychain items

Description: The issue was addressed with improved permissions logic.

CVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab


SoftwareUpdate

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: An unprivileged application may be able to edit NVRAM variables

Description: The issue was addressed with improved permissions logic.

CVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab


UIKit

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A person with physical access to an iOS device may be determine characteristics of a user's password in a secure text entry field

Description: A logic issue was addressed with improved state management.

CVE-2021-30915: Kostas Angelopoulos


WebKit

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: An attacker in a privileged network position may be able to bypass HSTS

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30823: David Gullasch of Recurity Labs


WebKit

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd.


WebKit

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A malicious website using Content Security Policy reports may be able to leak information via redirect behavior

Description: An information leakage issue was addressed.

CVE-2021-30888: Prakash (@1lastBr3ath)


WebKit

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab


WebKit

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A malicious application may bypass Gatekeeper checks

Description: A logic issue was addressed with improved state management.

CVE-2021-30861: Wojciech Reguła (@_r3ggi), Ryan Pickren (ryanpickren.com)


WebKit

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved state management.

CVE-2021-30890: an anonymous researcher


Windows Server

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: A local attacker may be able to view the previous logged in user’s desktop from the fast user switching screen

Description: An authentication issue was addressed with improved state management.

CVE-2021-30908: ASentientBot


xar

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)


Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files

Description: This issue was addressed with improved checks.

CVE-2021-30833: Richard Warren of NCC Group


zsh

Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 2015 and later), Mac mini (Late 2014 and later), iMac (Late 2015 and later), MacBook (Early 2016 and later), iMac Pro (2017 and later)

Impact: A malicious application may be able to modify protected parts of the file system

Description: An inherited permissions issue was addressed with additional restrictions.

CVE-2021-30892: Jonathan Bar Or of Microsoft



Additional recognition

APFS

We would like to acknowledge Koh M. Nakagawa of FFRI Security, Inc. for their assistance.


App Support

We would like to acknowledge an anonymous researcher, 漂亮鼠 of 赛博回忆录 for their assistance.


Bluetooth

We would like to acknowledge say2 of ENKI for their assistance.


CUPS

We would like to acknowledge an anonymous researcher for their assistance.


iCloud

We would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.


Kernel

We would like to acknowledge Anthony Steinhauser of Google's Safeside project for their assistance.


Mail

We would like to acknowledge Fabian Ising and Damian Poddebniak of Münster University of Applied Sciences for their assistance.


Managed Configuration

We would like to acknowledge Michal Moravec of Logicworks, s.r.o. for their assistance.


smbx

We would like to acknowledge Zhongcheng Li (CK01) for their assistance.


WebKit

We would like to acknowledge Ivan Fratric of Google Project Zero, Pavel Gromadchuk, an anonymous researcher for their assistance.

page top