About Apple security updates
Trend Micro OfficeScan as our new anti-virus solution. DO NOT UPGRADE TO APPLE'S MACOS 11.0 BIG SUR- IDENTIFIED COMPATIBILITY ISSUES Learn More. Apple has unveiled the latest Mac OS Big Sur at WWDC 2020. They claimed Big Sur has the biggest design change in almost 20 years since the first OS X. Mac OS has been powering computers like MacBook Pro, MacBook Air and iMac since 2001. The Big Sur update includes the new app icon designs, iOS-like Control Center and fresh Safari updates. Apr 15, 2021 Trend Micro stops more than 250 million threats daily (i), so you can enjoy your digital life safely Defend against the unknown Our cloud-based AI technology delivers highly effective and proactive protection against ever-evolving malware infections. CVE-2021-1806: ABC Research s.r.o. Working with Trend Micro Zero Day Initiative. Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7, macOS Mojave 10.14.6. Impact: A local attacker may be able to elevate their privileges. Description: This issue was addressed by updating to sudo version 1.9.5p2. CVE-2021-3156: Qualys.
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
Released February 1, 2021
Analytics
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
APFS
Available for: macOS Big Sur 11.0.1
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
CFNetwork Cache
Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An integer overflow was addressed with improved input validation.
CVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team
CoreAnimation
Available for: macOS Big Sur 11.0.1
Impact: A malicious application could execute arbitrary code leading to compromise of user information
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
CoreAudio
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
CoreGraphics
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2021-1776: Ivan Fratric of Google Project Zero
Entry updated March 16, 2021
CoreMedia
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
CoreText
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted text file may lead to arbitrary code execution
Description: A stack overflow was addressed with improved input validation.
CVE-2021-1772: Mickey Jin (@patch1t) of Trend Micro working with Trend Micro’s Zero Day Initiative
Entry updated March 16, 2021
CoreText
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative
Entry updated March 16, 2021
Crash Reporter
Available for: macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
Crash Reporter
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: A local attacker may be able to elevate their privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1787: James Hutchins
Crash Reporter
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: A local user may be able to create or modify system files
Description: A logic issue was addressed with improved state management.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Directory Utility
Available for: macOS Catalina 10.15.7
Impact: A malicious application may be able to access private information
Description: A logic issue was addressed with improved state management.
CVE-2020-27937: Wojciech Reguła (@_r3ggi) of SecuRing
Endpoint Security
Available for: macOS Catalina 10.15.7
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state management.
CVE-2021-1802: Zhongcheng Li (@CK01) of WPS Security Response Center
FairPlay
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative
FontParser
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted font may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-1790: Peter Nguyen Vu Hoang of STAR Labs
FontParser
Available for: macOS Mojave 10.14.6
Impact: Processing a maliciously crafted font may lead to arbitrary code execution
Description: This issue was addressed by removing the vulnerable code.
CVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro working with Trend Micro’s Zero Day Initiative
Entry updated March 16, 2021
FontParser
Available for: macOS Mojave 10.14.6
Impact: A remote attacker may be able to leak memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab
FontParser
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: A remote attacker may be able to cause arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1758: Peter Nguyen of STAR Labs
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An access issue was addressed with improved memory management.
CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative, Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: A logic issue was addressed with improved state management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: An out-of-bounds read issue existed in the curl. This issue was addressed with improved bounds checking.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
ImageIO
Available for: macOS Catalina 10.15.7, macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-1736: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab
Entry updated March 16, 2021
ImageIO
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7, macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1766: Danny Rosseau of Carve Systems
Entry updated March 16, 2021
ImageIO
Available for: macOS Catalina 10.15.7, macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-1818: Xingwei Lin of Ant-Financial Light-Year Security Lab
Entry updated March 16, 2021
ImageIO
Available for: macOS Catalina 10.15.7, macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-1742: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1746: Jeonghoon Shin(@singi21a) of THEORI, Mickey Jin & Qi Sun of Trend Micro working with Trend Micro’s Zero Day Initiative, Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1754: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1774: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1777: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
Entry updated March 16, 2021
ImageIO
Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-1737: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1738: Lei Sun
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
IOKit
Available for: macOS Big Sur 11.0.1
Impact: An application may be able to execute arbitrary code with system privileges
Description: A logic error in kext loading was addressed with improved state handling.
CVE-2021-1779: Csaba Fitzl (@theevilbit) of Offensive Security
IOSkywalkFamily
Available for: macOS Big Sur 11.0.1
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1757: Pan ZhenPeng (@Peterpan0927) of Alibaba Security, Proteas
Kernel
Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A logic issue existed resulting in memory corruption. This was addressed with improved state management.
CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
Kernel
Available for: macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved memory management.
CVE-2021-1764: @m00nbsd
Kernel
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A race condition was addressed with improved locking.
CVE-2021-1782: an anonymous researcher
Kernel
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1750: @0xalsr
Login Window
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: An attacker in a privileged network position may be able to bypass authentication policy
Description: An authentication issue was addressed with improved state management.
CVE-2020-29633: Jewel Lambert of Original Spin, LLC.
Messages
Available for: macOS Big Sur 11.0.1
Impact: A malicious application may be able to leak sensitive user information
Description: A privacy issue existed in the handling of Contact cards. This was addressed with improved state management.
CVE-2021-1781: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added March 16, 2021
Messages
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: A user that is removed from an iMessage group could rejoin the group
Description: This issue was addressed with improved checks.
CVE-2021-1771: Shreyas Ranganatha (@strawsnoceans)
Model I/O
Available for: macOS Big Sur 11.0.1
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-1762: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative
Entry updated March 16, 2021
Model I/O
Available for: macOS Catalina 10.15.7
Impact: Processing a maliciously crafted file may lead to heap corruption
Description: This issue was addressed with improved checks.
CVE-2020-29614: ZhiWei Sun (@5n1p3r0010) of Topsec Alpha Lab
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2021-1763: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to heap corruption
Description: This issue was addressed with improved checks.
CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1753: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative
Model I/O
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative
NetFSFramework
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-1751: Mikko Kenttälä (@Turmio_) of SensorFu
OpenLDAP
Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-25709
Power Management
Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7
Impact: A malicious application may be able to elevate privileges
Description: A logic issue was addressed with improved state management.
CVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan
Screen Sharing
Available for: macOS Big Sur 11.0.1
Impact: Multiple issues in pcre
Description: Multiple issues were addressed by updating to version 8.44.
CVE-2019-20838
CVE-2020-14155
SQLite
Available for: macOS Catalina 10.15.7
Impact: Multiple issues in SQLite
Description: Multiple issues were addressed with improved checks.
CVE-2020-15358
Swift
Available for: macOS Big Sur 11.0.1
Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
Apex One Big Sur
CVE-2021-1788: Francisco Alonso (@revskills)
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Maliciously crafted web content may violate iframe sandboxing policy
Description: This issue was addressed with improved iframe sandbox enforcement.
CVE-2021-1765: Eliya Stein of Confiant
CVE-2021-1801: Eliya Stein of Confiant
WebKit
Available for: macOS Big Sur 11.0.1
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved state handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
WebKit
Available for: macOS Big Sur 11.0.1
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher
WebRTC
Trend Micro Big Sur Facebook
Available for: macOS Big Sur 11.0.1
Impact: A malicious website may be able to access restricted ports on arbitrary servers
Description: A port redirection issue was addressed with additional port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar
Additional recognition
Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of Trend Micro for their assistance.
libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance.
Login Window
We would like to acknowledge Jose Moises Romero-Villanueva of CrySolve for their assistance.
Mail Drafts
We would like to acknowledge Jon Bottarini of HackerOne for their assistance.
Screen Sharing Server
We would like to acknowledge @gorelics for their assistance.
WebRTC
We would like to acknowledge Philipp Hancke for their assistance.
System Requirements
Minimum system requirements needed to install Trend Micro Security and its bundled products.
Trend Micro Security for Windows™
- Windows 10 (32-Bit or 64-Bit Windows 10S and ARM processors not supported)
- Windows 8.1 (32-Bit or 64-Bit all versions)
- Windows 7 (32-Bit or 64-Bit all versions) with Service Pack 1 (SP 1) or later
- 1 GHz Processor
- 1GB Memory (2GB Recommended)
- 1.3GB of available hard disk space (1.5GB Recommended)
- Internet Explorer version 11.0
- Google Chrome™ (The newest version and the most recent previous version)
- Mozilla® Firefox® (The newest version and the most recent previous version)
- Microsoft Edge latest version
- Broadband or equivalent high speed connection is highly recommended.
- Desktop - High-colour display with 1280 x 720 pixel resolution or above
- Windows Store - 1064 x 768 pixel resolution or above
- Snap Apps - 1366 x 768 pixel resolution or above
Password Manager for Windows™
- Windows 10 (32-Bit or 64-Bit Windows 10S and ARM processors not supported)
- Windows 8.1 (32-Bit or 64-Bit all versions)
- Windows 7 (32-Bit or 64-Bit all versions) with Service Pack 1 (SP 1) or later
- 1 GHz Processor
- 1GB Memory ( 2GB Recommended )
- 1.3GB of available hard disk space ( 1.5GB Recommended )
- Internet Explorer version 11.0
- Google Chrome™ (The newest version and the most recent previous version)
- Mozilla® Firefox® (The newest version and the most recent previous version)
- Microsoft Edge Latest version
- Broadband or equivalent high speed connection is highly recommended.
Trend Micro Security for Apple® Macintosh®
- Mac OS® 11 version (Big Sur)
- Mac OS® X version 10.15 or later (Catalina)
- Mac OS® X version 10.14 or later (Mojave)
- Intel® Core™-based Apple® Macintosh® computer
- 2GB Memory
- 1.5GB of available hard disk space
- Apple® Safari® 9.0 or higher
- Google Chrome™ (The newest version and the most recent previous version)
- Mozilla® Firefox® (The newest version and the most recent previous version)
Supported Social Networking Sites (For Privacy Scanner)
Antivirus for Mac needs an Internet connection for activating online, checking the expiration date, downloading updates (including program and pattern files) from Trend Micro, obtaining information about malicious software, or browsing pages on the Trend Micro website.
If you have a dial-up or other connection to the Internet that charges fees per connection, by the amount of time connected or for the amount of data downloaded, make sure your router or connection software does not automatically start a connection to support the features listed above to avoid extra connection fees. Follow your router's instructions to edit your router settings if necessary.
Password Manager for Apple® Macintosh®
- Mac OS® 11 version (Big Sur)
- Mac OS® X version 10.15 or later (Catalina)
- Mac OS® X version 10.14 or later (Mojave)
- Intel Core 2 Duo 2.0 GHz or faster
- 2GB Memory
- 300MB of available hard disk space
- Apple® Safari® 9.0 or higher
- Google Chrome™ (The newest version and the most recent previous version)
- Mozilla® Firefox® (The newest version and the most recent previous version)
- Broadband or equivalent high speed connection is highly recommended.
Mobile Security for Android
Trend Micro Mac
- Android 4.0 or later.
- 50MB
- 40-100 MB (Varies by device)
- Internet Connection
Mobile Security for iOS
- iOS 9 or later. 64-bit device required for latest version.
- Phone X, 8, 8 Plus
- iPhone 5s, 6, 6s, 6 Plus
- iPhone 6s Plus, 7, 7 Plus
- iPad Air, Air 2
- iPad Mini 2, Mini 3, Mini 4
- English
- Japanese
Password Manager for Mobile Devices
Trend Micro Big Sur Real Estate
- Android 4.0 or later.
- iOS 9 - 10.3. 64-bit device required for latest version.
- Chrome OS 79 or higher (Chromebooks only supported by Trend Micro Security on Chrome Web Store)