macOS Big Sur 11.2 Released

enaph

enaph

Level 28
Thread author
Verified
Honorary Member
Top Poster
Well-known
Jun 14, 2011
1,790
Changelog:
macOS Big Sur 11.2 improves Bluetooth reliability and fixes the following issues:

  • External displays may show a black screen when connected to a Mac mini (M1, 2020) using an HDMI to DVI converter
  • Edits to Apple ProRAW photos in the Photos app may not save
  • iCloud Drive could turn off after disabling the iCloud Drive Desktop & Documents Folders option
  • System Preferences may not unlock when entering your administrator password
  • Globe key may not display the Emoji & Symbols pane when pressed
Some features may not be available for all regions, or on all Apple devices.
Click to expand...

What's new in the updates for macOS Big Sur - Apple Support

macOS Big Sur updates improve the stability, performance, or compatibility of your Mac and are recommended for all macOS Big Sur users.
support.apple.com support.apple.com

Security content:

macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave​

Released February 1, 2021

Analytics
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
APFS
Available for: macOS Big Sur 11.0.1
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
CFNetwork Cache
Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An integer overflow was addressed with improved input validation.
CVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team
CoreAnimation
Available for: macOS Big Sur 11.0.1
Impact: A malicious application could execute arbitrary code leading to compromise of user information
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
CoreAudio
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
CoreGraphics
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2021-1776: Ivan Fratric of Google Project Zero
CoreMedia
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
CoreText
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted text file may lead to arbitrary code execution
Description: A stack overflow was addressed with improved input validation.
CVE-2021-1772: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative
CoreText
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative
Crash Reporter
Available for: macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
Crash Reporter
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: A local attacker may be able to elevate their privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1787: James Hutchins
Crash Reporter
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: A local user may be able to create or modify system files
Description: A logic issue was addressed with improved state management.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Directory Utility
Available for: macOS Catalina 10.15.7
Impact: A malicious application may be able to access private information
Description: A logic issue was addressed with improved state management.
CVE-2020-27937: Wojciech Reguła (@_r3ggi) of SecuRing
Endpoint Security
Available for: macOS Catalina 10.15.7
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state management.
CVE-2021-1802: Zhongcheng Li (@CK01) from WPS Security Response Center
FairPlay
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative
FontParser
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-1790: Peter Nguyen Vu Hoang of STAR Labs
FontParser
Available for: macOS Mojave 10.14.6
Impact: Processing a maliciously crafted font may lead to arbitrary code execution
Description: This issue was addressed by removing the vulnerable code.
CVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro
FontParser
Available for: macOS Mojave 10.14.6
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab
FontParser
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1758: Peter Nguyen of STAR Labs
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An access issue was addressed with improved memory management.
CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative, Xingwei Lin of Ant Security Light-Year Lab

ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: A logic issue was addressed with improved state management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-1736: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1766: Danny Rosseau of Carve Systems
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-1742: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1746: Mickey Jin & Qi Sun of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1754: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1774: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1777: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-1737: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1738: Lei Sun
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
IOKit
Available for: macOS Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with system privileges
Description: A logic error in kext loading was addressed with improved state handling.
CVE-2021-1779: Csaba Fitzl (@theevilbit) of Offensive Security
IOSkywalkFamily
Available for: macOS Big Sur 11.0.1
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1757: Pan ZhenPeng (@Peterpan0927) of Alibaba Security, Proteas
Kernel
Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management.
CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
Kernel
Available for: macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved memory management.
CVE-2021-1764: @m00nbsd
Kernel
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A race condition was addressed with improved locking.
CVE-2021-1782: an anonymous researcher
Kernel
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1750: @0xalsr
Login Window
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: An attacker in a privileged network position may be able to bypass authentication policy
Description: An authentication issue was addressed with improved state management.
CVE-2020-29633: Jewel Lambert of Original Spin, LLC.
Messages
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: A user that is removed from an iMessage group could rejoin the group
Description: This issue was addressed with improved checks.
CVE-2021-1771: Shreyas Ranganatha (@strawsnoceans)
Model I/O
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-1762: Mickey Jin of Trend Micro
Model I/O
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted file may lead to heap corruption
Description: This issue was addressed with improved checks.
CVE-2020-29614: ZhiWei Sun (@5n1p3r0010) from Topsec Alpha Lab
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2021-1763: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to heap corruption
Description: This issue was addressed with improved checks.
CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1753: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative
NetFSFramework
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-1751: Mikko Kenttälä (@Turmio_) of SensorFu
OpenLDAP
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-25709
Power Management
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state management.
CVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan
Screen Sharing
Available for: macOS Big Sur 11.0.1
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version 8.44.
CVE-2019-20838
CVE-2020-14155
SQLite
Available for: macOS Catalina 10.15.7
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed by updating SQLite to version 3.32.3.
CVE-2020-15358
Swift
Available for: macOS Big Sur 11.0.1
Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Maliciously crafted web content may violate iframe sandboxing policy
Description: This issue was addressed with improved iframe sandbox enforcement.
CVE-2021-1765: Eliya Stein of Confiant
CVE-2021-1801: Eliya Stein of Confiant
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved state handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
WebKit
Available for: macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
WebRTC
Available for: macOS Big Sur 11.0.1
Impact: A malicious website may be able to access restricted ports on arbitrary servers
Description: A port redirection issue was addressed with additional port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar
divider.png

Additional recognition​

Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of Trend Micro for their assistance.
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance.
Login Window
We would like to acknowledge Jose Moises Romero-Villanueva of CrySolve for their assistance.
Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their assistance.
Screen Sharing Server
We would like to acknowledge @gorelics for their assistance.
WebRTC
We would like to acknowledge Philipp Hancke for their assistance.
Click to expand...

About the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave - Apple Support

This document describes the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave.
support.apple.com support.apple.com
 
  • Like
Reactions: JB007, Venustus, ForgottenSeer 85179 and 3 others

Similar threads

enaph
    • +Reputation
    • Like
New Update macOS 14.4 brings 50+ security fixes, iOS 17.4 patch list expands to over 40
Replies
1
Views
331
macOS, iOS & iPadOS
vtqhtr413
vtqhtr413
Ink
    • Like
    • +Reputation
New Update Safari 17 is available (January 2024)
Replies
1
Views
506
Safari
Ink
Ink
upnorth
    • +Reputation
    • Like
    • Thanks
New Update Security Update 2022-005 Catalina
Replies
0
Views
967
macOS, iOS & iPadOS
upnorth
upnorth

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top