Alert GCSA-21047 - Apple Security Updates APPLE-SA-2021-04-26

******************************************************************

Alert ID: GCSA-21047
Date: 28 April 2021
Title: Apple Security Updates APPLE-SA-2021-04-26

******************************************************************


:: Description

Apple has released a security update that fixes several
vulnerabilities in its operating systems and applications.

The vulnerabilities are currently being exploited.

For a description of the updates, see the official advisories
in the 'References' section.


:: Affected software

iCloud for Windows prior to 12.3
Xcode prior to 12.5
Safari prior to 14.1
macOS Big Sur prior to 11.3
macOS Catalina prior to security update 2021-002
macOS Mojave prior to security update 2021-003
iOS prior to 14.5
iPadOS prior to 14.5
watchOS prior to 7.4
tvOS prior to 14.5
iTunes prior to 12.11.3
GarageBand prior to 10.4.3


:: Impact

Remote execution of arbitrary code in the context of the application
Access to sensitive data
Privilege escalation


:: Solution

Update the software to the following versions:

iCloud for Windows to 12.3
Xcode to 12.5
Safari to 14.1
macOS Big Sur to 11.3
macOS Catalina: apply security update 2021-002
macOS Mojave: apply security update 2021-003
iOS to 14.5
iPadOS to 14.5
watchOS to 7.4
tvOS to 14.5
iTunes to 12.11.3
GarageBand to 10.4.3


:: References

Apple security updates
https://support.apple.com/en-us/HT201222
https://support.apple.com/en-us/HT212299
https://support.apple.com/en-us/HT212317
https://support.apple.com/en-us/HT212318
https://support.apple.com/en-us/HT212319
https://support.apple.com/en-us/HT212320
https://support.apple.com/en-us/HT212321
https://support.apple.com/en-us/HT212323
https://support.apple.com/en-us/HT212324
https://support.apple.com/en-us/HT212325
https://support.apple.com/en-us/HT212326
https://support.apple.com/en-us/HT212327

US-CERT
https://us-cert.cisa.gov/ncas/current-activity/2021/04/27/apple-releases-security-updates

Bleeping Computer:
https://www.bleepingcomputer.com/news/security/apple-fixes-macos-zero-day-bug-exploited-by-shlayer-malware/

CSIRT Italia
https://csirt.gov.it/contenuti/apple-corregge-vulnerabilita-0-day-in-big-sur-al01-210427-csirt-ita

Mitre CVE:
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1814
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1829
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1831
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1832
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1841
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1844
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1855
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1859
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1861
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1880
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-7463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-8285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-8286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30654
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30655
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30657
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30658
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30661




GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert




