Apple has released Security Update 2021-003 for macOS 10.15 Catalina and Security Update 2021-004 for 10.14 Mojave, patching 36 security vulnerabilities in Catalina and 30 vulnerabilities in Mojave. Both updates address logic issues with the kernel that could allow an application to execute arbitrary code with kernel privileges, resolve a logic issue with AppleScript that could allow a malicious application to bypass Gatekeeper checks, and address several Heimdal-related memory corruption and logic issues. None of these vulnerabilities are actively being exploited in the wild, so there’s likely no harm in waiting a week or two before installing. If you notice any problems after updating, please let us know in the comments. (Free, various sizes, Catalina release notes and Mojave release notes, macOS 10.15.7 and 10.14.6)
About Apple security updates
How to upgrade/update Office 2011 to 64bit version for OS Catalina? More Less MacBook Pro 13″, macOS 10.15. MacOS Catalina 10.15.7 Supplemental Update, macOS Catalina 10.15.7 Update: macOS Catalina 10.15.7: 05 Nov 2020: tvOS 14.2: Apple TV 4K and Apple TV HD: 05 Nov 2020: iOS 14.2 and iPadOS 14.2: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) 05 Nov 2020: iOS 12.4.9.
- Latest Version: 10.15.7. What does macOS Catalina do? MacOS Catalina gives you more of everything you love about Mac. Experience three all-new media apps: Apple Music, Apple TV, and Apple Podcasts. Locate a missing Mac with the new Find My app. And now coming to Mac, your favorite iPad apps.
- Software Update after Catalina Safari Updates. But if you click the link now, it will take you to the Apple web page telling you about all the awesome features of macOS Big Sur. I presume this “More info” link will change back to showing you security updates for macOS Catalina and Safari when new ones are available, so you’ll have to.
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Security Update 2021-003 Catalina
Released May 24, 2021
AMD
Available for: macOS Catalina
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: A logic issue was addressed with improved state management.
CVE-2021-30676: shrek_wzw
AMD
Available for: macOS Catalina
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30678: Yu Wang of Didi Research America
App Store
Available for: macOS Catalina
Impact: A path handling issue was addressed with improved validation
Description: A malicious application may be able to break out of its sandbox.
CVE-2021-30688: Thijs Alkemade of Computest Research Division
Entry added July 21, 2021
AppleScript
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state management.
CVE-2021-30669: Yair Hoffman
Audio
Available for: macOS Catalina
Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
CoreAudio
Available for: macOS Catalina
Impact: An out-of-bounds read was addressed with improved bounds checking
Description: Processing a maliciously crafted audio file may disclose restricted memory.
CVE-2021-30686: Mickey Jin of Trend Micro working with Trend Micro Zero Day Initiative
Entry added July 21, 2021
Core Services
Available for: macOS Catalina
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CVMS
Available for: macOS Catalina
Impact: A local attacker may be able to elevate their privileges
Kmsauto lite activator office 2016 free download. Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock
Available for: macOS Catalina
Impact: A malicious application may be able to access a user's call history
Description: An access issue was addressed with improved access restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers
Available for: macOS Catalina
Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Graphics Drivers
Available for: macOS Catalina
Impact: An out-of-bounds write issue was addressed with improved bounds checking
Description: A malicious application may be able to execute arbitrary code with kernel privileges.
CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative
Entry added July 21, 2021
Heimdal
Available for: macOS Catalina
Macos Catalina New Update 2019
Impact: A malicious application may cause a denial of service or potentially disclose memory contents
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Catalina
Impact: A remote attacker may be able to cause a denial of service
Description: A race condition was addressed with improved locking.
CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Catalina
Impact: Processing maliciously crafted server messages may lead to heap corruption
Description: This issue was addressed with improved checks.
CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Catalina
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Catalina
Impact: A malicious application could execute arbitrary code leading to compromise of user information
Description: A use after free issue was addressed with improved memory management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to disclosure of user information
Description: An out-of-bounds read was addressed with improved bounds checking.
Assassins creed black flag mod tool. CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu Security
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-30743: CFF of Topsec Alpha Team, an anonymous researcher, and Jeonghoon Shin(@singi21a) of THEORI working with Trend Micro Zero Day Initiative
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted ASTC file may disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Catalina
Impact: An out-of-bounds read issue was addressed by removing the vulnerable code
Description: A local user may be able to cause unexpected system termination or read kernel memory.
CVE-2021-30719: an anonymous researcher working with Trend Micro Zero Day Initiative
Entry added July 21, 2021
Intel Graphics Driver
Available for: macOS Catalina
Impact: An out-of-bounds write issue was addressed with improved bounds checking
Description: A malicious application may be able to execute arbitrary code with kernel privileges.
CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team
Entry added July 21, 2021
Kernel
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved state management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: macOS Catalina
Impact: Processing a maliciously crafted message may lead to a denial of service
Description: A logic issue was addressed with improved state management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: macOS Catalina
Impact: A memory corruption issue was addressed with improved validation
Description: A local attacker may be able to elevate their privileges.
CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
Entry added July 21, 2021
Login Window
Available for: macOS Catalina
Impact: A person with physical access to a Mac may be able to bypass Login Window
Description: A logic issue was addressed with improved state management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Available for: macOS Catalina
Impact: A logic issue was addressed with improved state management
Description: An attacker in a privileged network position may be able to misrepresent application state.
CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster University of Applied Sciences
Entry added July 21, 2021
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An information disclosure issue was addressed with improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Macos Catalina New Update Downloads
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Catalina
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Catalina
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36229
CVE-2020-36225
CVE-2020-36224
CVE-2020-36223
CVE-2020-36227
CVE-2020-36228
CVE-2020-36221
CVE-2020-36222
CVE-2020-36230
Security
Available for: macOS Catalina
Impact: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code
Description: Processing a maliciously crafted certificate may lead to arbitrary code execution.
CVE-2021-30737: xerub
Entry added July 21, 2021
smbx
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to perform denial of service
Description: A logic issue was addressed with improved state management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to execute arbitrary code
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Catalina
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to leak sensitive user information
Description: A path handling issue was addressed with improved validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to leak sensitive user information
Description: An information disclosure issue was addressed with improved state management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
TCC
Available for: macOS Catalina
Impact: A malicious application may be able to send unauthorized Apple events to Finder
What Is Latest Update For Catalina
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)
Additional recognition
App Store
We would like to acknowledge Thijs Alkemade of Computest Research Division for their assistance.
CFString
We would like to acknowledge an anonymous researcher for their assistance.
CoreCapture
Macos Catalina Latest Version
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-financial TianQiong Security Lab for their assistance.