About Apple security updates
MCDONALD'S has confirmed they will be selling 99p Big Macs and giving away free fries for one day only - but the offer is only available via the app. The offer had been 'leaked' online ahead of. So, all you have to do is buy a Big Mac and get a coin starting Thursday until supplies run out. Over 6.2 million of these coins will be distributed to 50 countries worldwide, so you don't have to. Dec 10, 2020 Dec. 14: The Griswolds, free Double Cheeseburger; Dec. 15: The Abominable Snowmonster, free Big Mac; Dec. 16: Grinch, free Egg McMuffin; Dec. 17: John McClane, free. May 11, 2017 To get one, download the Postmates delivery app, add a Big Mac to your order from a nearby McDonald's and use the promo code 'EATWHATEVER.' Postmates is available and delivers to Milwaukee.
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
macOS Big Sur 11.4
Released May 24, 2021
AMD
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30678: Yu Wang of Didi Research America
AMD
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: A logic issue was addressed with improved state management.
CVE-2021-30676: shrek_wzw
App Store
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its sandbox
Description: A path handling issue was addressed with improved validation.
CVE-2021-30688: Thijs Alkemade of Computest Research Division
AppleScript
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state management.
CVE-2021-30669: Yair Hoffman
Audio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day Initiative
Audio
Available for: macOS Big Sur
Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
Bluetooth
Available for: macOS Big Sur
Impact: A memory corruption issue was addressed with improved state management
Description: A malicious application may be able to gain root privileges
CVE-2021-30672: say2 of ENKI
Entry added July 21, 2021
Core Services
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may disclose restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30686: Mickey Jin of Trend Micro
CoreText
Available for: macOS Big Sur
Impact: An out-of-bounds read was addressed with improved input validation
Description: Processing a maliciously crafted font may result in the disclosure of process memory.
CVE-2021-30733: Sunglin from the Knownsec 404
CVE-2021-30753: Xingwei Lin of Ant Security Light-Year Lab
Entry added July 21, 2021
Crash Reporter
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock
Available for: macOS Big Sur
Impact: A malicious application may be able to access a user's call history
Description: An access issue was addressed with improved access restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)
FontParser
Available for: macOS Big Sur
Impact: An out-of-bounds read was addressed with improved input validation
Description: Processing a maliciously crafted font may result in the disclosure of process memory
CVE-2021-30755: Xingwei Lin of Ant Security Light-Year Lab
Entry added July 21, 2021
Graphics Drivers
Available for: macOS Big Sur
Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Graphics Drivers
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative
Heimdal
Available for: macOS Big Sur
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application may cause a denial of service or potentially disclose memory contents
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A malicious application could execute arbitrary code leading to compromise of user information
Description: A use after free issue was addressed with improved memory management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure of user information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted ASTC file may disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: This issue was addressed with improved checks
Description: Processing a maliciously crafted image may lead to disclosure of user information.
CVE-2021-30706: Anonymous working with Trend Micro Zero Day Initiative, Jzhu working with Trend Micro Zero Day Initiative
Entry added July 21, 2021
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: An out-of-bounds read issue was addressed by removing the vulnerable code.
CVE-2021-30719: an anonymous researcher working with Trend Micro Zero Day Initiative
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team
IOUSBHostFamily
Available for: macOS Big Sur
Impact: This issue was addressed with improved checks
Description: An unprivileged application may be able to capture USB devices.
CVE-2021-30731: UTM (@UTMapp)
Entry added July 21, 2021
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved state management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: macOS Big Sur
Impact: Processing a maliciously crafted message may lead to a denial of service
Description: A logic issue was addressed with improved state management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow was addressed with improved size validation.
CVE-2021-30736: Ian Beer of Google Project Zero
Kernel
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved validation.
CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
Kernel
Available for: macOS Big Sur
Impact: A double free issue was addressed with improved memory management
Free Big Mac 2020
Description: An application may be able to execute arbitrary code with kernel privileges.
CVE-2021-30703: an anonymous researcher
Entry added July 21, 2021
Kext Management
Available for: macOS Big Sur
Impact: A local user may be able to load unsigned kernel extensions
Description: A logic issue was addressed with improved state management.
CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security
LaunchServices
Available for: macOS Big Sur
Impact: A malicious application may be able to break out of its sandbox
Description: This issue was addressed with improved environment sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Login Window
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass Login Window
Description: A logic issue was addressed with improved state management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to misrepresent application state
Description: A logic issue was addressed with improved state management.
CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster University of Applied Sciences
MediaRemote
Free Big Mac Day 2020
Available for: macOS Big Sur
Impact: A privacy issue in Now Playing was addressed with improved permissions
Description: A local attacker may be able to view Now Playing information from the lock screen.
CVE-2021-30756: Ricky D'Amelio, Jatayu Holznagel (@jholznagel)
Entry added July 21, 2021
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An information disclosure issue was addressed with improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Big Sur
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36227
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36221
CVE-2020-36228
CVE-2020-36222
CVE-2020-36230
CVE-2020-36229
PackageKit
Available for: macOS Big Sur
Impact: A malicious application may be able to overwrite arbitrary files
Description: An issue with path validation logic for hardlinks was addressed with improved path sanitization.
CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass certain Privacy preferences
Description: This issue was addressed with improved data protection.
CVE-2021-30751: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added July 21, 2021
Security
Available for: macOS Big Sur
Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code.
CVE-2021-30737: xerub
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to perform denial of service
Description: A logic issue was addressed with improved state management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to execute arbitrary code
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to leak sensitive user information
Description: A path handling issue was addressed with improved validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to leak sensitive user information
Description: An information disclosure issue was addressed with improved state management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
Software Update
Available for: macOS Big Sur
Impact: A person with physical access to a Mac may be able to bypass Login Window during a software update
Description: This issue was addressed with improved checks.
CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro
SoftwareUpdate
Available for: macOS Big Sur
Impact: A non-privileged user may be able to modify restricted settings
Description: This issue was addressed with improved checks.
CVE-2021-30718: SiQian Wei of ByteDance Security
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to send unauthorized Apple events to Finder
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)
TCC
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.
Description: A permissions issue was addressed with improved validation.
CVE-2021-30713: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins.
CVE-2021-30744: Dan Hite of jsontop
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: macOS Big Sur
Impact: A malicious application may be able to leak sensitive user information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: Prakash (@1lastBr3ath)
Entry updated July 21, 2021
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue was addressed with improved state management.
CVE-2021-30689: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative
WebKit
Available for: macOS Big Sur
Impact: A malicious website may be able to access restricted ports on arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)
WebRTC
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference was addressed with improved input validation.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google
Additional recognition
App Store
We would like to acknowledge Thijs Alkemade of Computest Research Division for their assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-financial TianQiong Security Lab for their assistance.
ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day Initiative and an anonymous researcher for their assistance.
Mail Drafts
We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their assistance.
WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security for their assistance.
10 Stunning Clock Screensavers for Windows And Mac
Long time ago, screensavers were actually meant to save the screen. Ya speaking literally. Save from what ? Well it happened to be a problem named screen-burn-effect – a permanent deformity on areas of a CRT monitor due to non-moving text or graphics being displayed for a long period of time. To negate this problem, screen savers were used to fill the screen with moving graphics when the computer was idle. But nowadays its sole purpose is to spice up your screen.(Also read : Display RSS Feeds as Windows Screensaver)
Some Free Clock Screensavers
1. Word Clock :
Word clock is a nice replacement for the typical analogue or digital clock that we generally use. It displays the date and time in a sentence. You can select from two display modes Linear and Rotary. The screensaver can be downloaded for iPhone, iPad, Mac OSx and Windows.
2. Fliqlo
Fliqlo is a nice flip style clock screensaver that happens to be my favorite. If you have a habit of keeping your system on for a long period without working on it (or just a download or scan running in the background) then this clock is a nice tool to spice up your PC screen. It is really a nice alternative for a led clock.
3. National Geographic Channel Calendar Screensaver :
This is one of the nicest clock screensaver I have ever used. The date and time is shown in a nice animated fashion. This was the official National Geographic screensaver when I used it. But right now, I have (tried my best and) failed to find out a direct link from their site. Here is an alternate link for the download.
You may also want to check out some desktop tools which allow you to download National Geographic wallpapers for Free
4. In Rumour Screensaver V2 :
Inrumour is not just a clock screensaver. It is actually a weather screensaver too. You get to see the weather forecast for the next 2 days for your locality as well as the present weather update too for the same. The screensaver consists of an analogue clock and shows the date and calendar as well as news from inrumor.com.
5. Time Beat Clock Screensaver :
Time Beat is yet another clock screensaver that only serves the purpose of a clock. It uses a nice screen-beating effect every second. You can have a nice demo of the clock here. Look out for the download link to the bottom right corner of the demo page.
6. Crazyscreen Clock Screensaver :
Crazy screen is a free rotary clock screensaver which shows the time as a nice wheel.
7. Polar Clock Screensaver :
Polar Clock is an awesome clock and calendar screensaver in circles that moves as every second passes. The clock is based upon the idea of polar coordinates. The screensaver is available in 28 languages with numerous options such as text alignment, font size, arc properties, continuous / stepped motion, appearance, colors etc. The screensaver is available for Mac and Windows users.
8. Clockr A Flickr Based Clock Screensaver :
Free Big Mac Coupon
Clockr is a Flickr based clock screensaver that uses random images from Flickr to show the time. It needs a steady internet connection to work properly.
9. Uniqlo Screensaver Music, Dance :
The strangest and most unique clock screensavers among the ones I listed here. All you have on the screen is cute Japanese girls dancing around different exotic locations along with a time and date stamp. The screensaver works in selected countries which are Japan, USA, UK, France, Korea, China, Hong Kong and Singapore. Download the application here. You will need a working internet connection to download all the sessions of the screensaver.
10. ClockBlock Screensaver :
It is really a nice way to show clock as a screensaver. The screensaver is available here.
You may also like reading online time clocks, stopwatches and timer websites. If you know about any such stunning free clock screensavers then please let us know via comments. And also drop in a few words about how you liked the list.
How To Set Screensaver On Windows 10
If you do not like to use a third-party software, you can always use the in-built option to set a screensaver on Windows 10. Here is how to do that.
At first, click the Taskbar search box and search for “change screen saver.” Now, click on the corresponding search result to open the Screen Saver Settings window. Once opened, expand the Screen Saver drop-down list, and select a screen saver type.
At last, click the Apply and OK buttons, respectively.