About Apple security updates
For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.
Apple security documents reference vulnerabilities by CVE-ID when possible.
For more information about security, see the Apple Product Security page.
Security Update 2021-003 Catalina
- When attempting to download macOS Catalina from the Mac App Store, you may find that a small version of the “Install macOS Catalina.app” file downloads to the “Applications” folder, rather than the complete 8.1 GB installer file.
- Until now, Gatekeeper didn't take the same approach with apps launched via Terminal. It also didn't check non-quarantined apps and files for malware. In other words, it checked an app only once for malware. Significant changes have arrived with macOS Catalina. Now, apps started through Terminal are also checked.
Released May 24, 2021
AMD
Available for: macOS Catalina
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: A logic issue was addressed with improved state management.
CVE-2021-30676: shrek_wzw
AMD
Available for: macOS Catalina
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30678: Yu Wang of Didi Research America
App Store
Available for: macOS Catalina
Impact: A malicious application may be able to break out of its sandbox
Description: A path handling issue was addressed with improved validation.
CVE-2021-30688: Thijs Alkemade of Computest Research Division
Entry added July 21, 2021
AppleScript
Available for: macOS Catalina
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state management.
CVE-2021-30669: Yair Hoffman
Audio
Available for: macOS Catalina
Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
CoreAudio
Available for: macOS Catalina
Impact: Processing a maliciously crafted audio file may disclose restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30686: Mickey Jin of Trend Micro working with Trend Micro Zero Day Initiative
Entry added July 21, 2021
Core Services
Available for: macOS Catalina
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CVMS
Available for: macOS Catalina
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro
Dock
Available for: macOS Catalina
Impact: A malicious application may be able to access a user's call history
Description: An access issue was addressed with improved access restrictions.
CVE-2021-30673: Josh Parnham (@joshparnham)
Graphics Drivers
Available for: macOS Catalina
Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30684: Liu Long of Ant Security Light-Year Lab
Graphics Drivers
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative
Entry added July 21, 2021
Heimdal
Available for: macOS Catalina
Impact: A malicious application may cause a denial of service or potentially disclose memory contents
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Catalina
Impact: A remote attacker may be able to cause a denial of service
Description: A race condition was addressed with improved locking.
CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Catalina
Impact: Processing maliciously crafted server messages may lead to heap corruption
Description: This issue was addressed with improved checks.
CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Catalina
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Catalina
Impact: A malicious application could execute arbitrary code leading to compromise of user information
Description: A use after free issue was addressed with improved memory management.
CVE-2021-30683: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to disclosure of user information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu Security
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-30743: CFF of Topsec Alpha Team, an anonymous researcher, and Jeonghoon Shin (@singi21a) of THEORI working with Trend Micro Zero Day Initiative
ImageIO
Available for: macOS Catalina
Impact: Processing a maliciously crafted ASTC file may disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
Intel Graphics Driver
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2021-30728: Liu Long of Ant Security Light-Year Lab
Intel Graphics Driver
Available for: macOS Catalina
Impact: A local user may be able to cause unexpected system termination or read kernel memory
Description: An out-of-bounds read issue was addressed by removing the vulnerable code.
CVE-2021-30719: an anonymous researcher working with Trend Micro Zero Day Initiative
Entry added July 21, 2021
Intel Graphics Driver
Available for: macOS Catalina
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2021-30726: Yinyi Wu (@3ndy1) of Qihoo 360 Vulcan Team
Entry added July 21, 2021
Kernel
Available for: macOS Catalina
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved state management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: macOS Catalina
Impact: Processing a maliciously crafted message may lead to a denial of service
Description: A logic issue was addressed with improved state management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: macOS Catalina
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved validation.
CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab
Entry added July 21, 2021
Login Window
Available for: macOS Catalina
Impact: A person with physical access to a Mac may be able to bypass Login Window
Description: A logic issue was addressed with improved state management.
CVE-2021-30702: Jewel Lambert of Original Spin, LLC.
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to misrepresent application state
Description: A logic issue was addressed with improved state management.
CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster University of Applied Sciences
Entry added July 21, 2021
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An information disclosure issue was addressed with improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: macOS Catalina
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
NSOpenPanel
Available for: macOS Catalina
Impact: An application may be able to gain elevated privileges
Description: This issue was addressed by removing the vulnerable code.
CVE-2021-30679: Gabe Kirkpatrick (@gabe_k)
OpenLDAP
Available for: macOS Catalina
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-36226
CVE-2020-36229
CVE-2020-36225
CVE-2020-36224
CVE-2020-36223
CVE-2020-36227
CVE-2020-36228
CVE-2020-36221
CVE-2020-36222
CVE-2020-36230
Security
Available for: macOS Catalina
Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code.
CVE-2021-30737: xerub
Entry added July 21, 2021
smbx
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to perform denial of service
Description: A logic issue was addressed with improved state management.
CVE-2021-30716: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to execute arbitrary code
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30717: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Catalina
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-30712: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to leak sensitive user information
Description: A path handling issue was addressed with improved validation.
CVE-2021-30721: Aleksandar Nikolic of Cisco Talos
smbx
Available for: macOS Catalina
Impact: An attacker in a privileged network position may be able to leak sensitive user information
Description: An information disclosure issue was addressed with improved state management.
CVE-2021-30722: Aleksandar Nikolic of Cisco Talos
TCC
Available for: macOS Catalina
Impact: A malicious application may be able to send unauthorized Apple events to Finder
Description: A validation issue was addressed with improved logic.
CVE-2021-30671: Ryan Bell (@iRyanBell)
Additional recognition
App Store
We would like to acknowledge Thijs Alkemade of Computest Research Division for their assistance.
CFString
We would like to acknowledge an anonymous researcher for their assistance.
CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-financial TianQiong Security Lab for their assistance.
macOS Catalina gives you more of everything you love about Mac. Experience music, TV, and podcasts in three all-new Mac apps. Enjoy your favorite iPad apps now on your Mac. Extend your workspace and expand your creativity with iPad and Apple Pencil. And discover smart new features in the apps you use every day. Now you can take everything you do above and beyond.
Music, TV, and podcasts take center stage.
iTunes forever changed the way people experienced music, movies, and podcasts. It all changes again with three all-new, dedicated apps — Apple Music, Apple TV, and Apple Podcasts — each designed from the ground up to be the best way to enjoy entertainment on your Mac. And rest assured; everything you had in your iTunes library is still accessible in each app. iCloud seamlessly syncs everything across your devices — or you can back up, restore, and sync by connecting the device directly to your Mac.
Presenting Apple Music on Mac.
The new Apple Music app is the ultimate music streaming experience on Mac. Explore a library of 60 million songs, discover new artists and tracks, find the perfect playlist, download and listen offline, or enjoy all the music you’ve collected over the years. And find it all in your music library on all your devices.
Apple TV. Premiering on Mac.
The Apple TV app for Mac is the new home for all your favorite movies and Apple TV+. Watch everything directly in the app or enjoy it offline, and discover the best of what’s on in the Watch Now tab. You can even pick up where you left off on any screen, across all your devices. And for the first time, 4K and Dolby Atmos–supported movies are available on Mac.
Listen up. Podcasts on Mac.
The best entertainment, comedy, news, and sports shows are now available on your Mac with Apple Podcasts. Search for podcasts by title, topic, guest, host, content, and more. Subscribe and be notified as soon as new episodes become available. And in the Listen Now tab, you can easily pick up where you left off across all your devices.
The apps you love.
Right on your Mac.
Experience your favorite iPad apps now on your Mac. With Mac Catalyst, developers can easily create Mac apps from the iPad apps you already know and love. They run natively alongside your existing Mac apps so you can drag and drop content between them. They take full advantage of the larger screen and powerful architecture of your Mac. And because they are built from their iOS versions, they provide a seamless experience across your devices. Enjoy a broad range of Mac apps — from travel, entertainment, and gaming to banking, education, and project management.
The Twitter for Mac app takes full advantage of the native Mac features like multiple windows, drag and drop, keyboard shortcuts, and more. See more of what’s happening on a larger screen and easily work alongside your other Mac apps.
Morpholio Board for Mac lets interior designers create their mood boards on a larger screen with much more detail. Users can scroll through a huge library of furnishings; use new editing, composition, curation, and organization tools; and work alongside web browsers, notes, and email.
With the Post-it® App on Mac, users can easily organize all their notes on the big screen. Grouping and sorting is much faster using a keyboard and mouse or trackpad. And importing boards from other users is even easier.
With Jira for Mac, manage projects like a boss. Take advantage of native Mac features and move through Jira faster than ever, with push notifications, keyboard shortcuts, drag and drop, a custom menu bar, and more.
The American Airlines app for Mac lets users check in and choose their seats, and even see three-dimensional renderings of their seats powered by SceneKit.
With TripIt on Mac, you can review all your plans in one place, edit and share your trip details, and research your destination, all while multitasking with other Mac apps. Your itinerary is even available offline, whether you’re at your desk or at 35,000 feet.
The Crew app for Mac is the first communications app designed for workers who don’t have easy access to communication technology on the job. Managers often use Mac computers in the back of house at stores, so users can access the experience they expect on the platform they prefer.
This popular language-learning solution opens a whole new world on Mac. The desktop is wonderfully suited for focus and learning. Rosetta Stone is tightly integrated with the Mac microphone and includes an offline mode for a seamless app experience that’s just not possible on the web.
Proloquo2Go on Mac is designed for people with communication challenges who are unable to make themselves understood using their own voices. The app lets parents, teachers, and therapists customize the app vocabulary using the keyboard and provide new words without requiring access to their child’s device, which may be at school or at home.
Even more amazing Mac apps.
Developers are continuing to build for Catalyst as many more of your favorite iPad apps will be coming to Mac.
The apps you use every day, made extraordinary.
With macOS Catalina, the apps you love are now more beautiful and intelligent than ever. So your everyday tasks are easier than ever.
Focus on your best shots.
Photos has a new immersive, dynamic look that showcases your photos and memories. See only the best shots in your library, without the duplicates and clutter. Browse your favorite photos by days, months, and years and get larger previews of all your photos. And Photos is even smarter, so it can highlight important moments like birthdays, anniversaries, and trips.
Easier to find. And easier to share.
A new gallery view and more powerful search help you find your notes quicker than ever. Shared folders let you collaborate on entire folders of notes with another person or a group. And new checklist options let you move completed items to the bottom, quickly reorder items using drag and drop, and more.
Organization.
Reorganized.
The Reminders app has been completely rebuilt, with an all-new design and new ways to easily create, organize, and keep track of reminders. Add attachments to reminders, create or change reminders with the quick edit buttons, and let Siri suggest new ones found in Messages. Smart lists automatically organize and display your upcoming reminders. And if you tag someone in a reminder, you’ll be notified the next time you’re chatting in Messages.
Start browsing.
Faster.
An updated start page helps you easily and quickly access your favorites and frequently visited sites. And Siri suggestions surface bookmarks, iCloud Tabs, and links from your reading list, as well as those you receive in Messages.
Play extraordinary.
Unlimited access to over 100 ad-free games for your Mac — all in a game subscription service unlike any other. Start playing on your Mac and jump to your iPhone, iPad, and Apple TV.
Extend your desktop. With iPad.
Sidecar lets you extend your workspace by using your iPad as a second Mac display. Work in one app while you reference another or view your artwork on your Mac while you use tools and palettes on your iPad. You can also mirror the screens so they both display the same content, making it perfect for sharing exactly what you see with others.
Express your creativity. With Apple Pencil.
Bring the ease and precision of Apple Pencil to your favorite creative Mac apps with Sidecar. Just drag your app window from your Mac to your iPad as you would with any second display. Then use Apple Pencil to design in Illustrator, edit photos in Affinity Photo, or create 3D models in ZBrush. The handy sidebar puts essential Command, Control, and Shift keys right at your fingertips.
Make your mark on Mac.
Use Apple Pencil for everyday tasks like drawing and sketching or marking up screenshots and PDFs. You can easily insert a sketch from your iPad into any document on your Mac.
Powerful apps. Made even more powerful.
Discover all the amazing apps that are compatible with Sidecar, including illustration, photography, and 3D apps.
Affinity Photo
Maya
Screen Time.
Now on Mac.
macOS Catalina brings all your favorite Screen Time features to Mac, giving you greater insight into how you’re spending your time. Monitor usage, schedule downtime, and set limits for both apps and websites across all your devices. And with Family Sharing, you can set app and communication limits for your kids to help them focus on the right things.
Communication Limits
Communication Limits let you choose who your children can communicate with throughout the day and during downtime, so you can make sure they’re always reachable.
Combined Limits
With Combined Limits, you can combine individual apps and websites, and even whole categories, into a single, easy-to-manage limit. Set a limit for a group of apps and websites, like gaming or your favorite streaming apps.
One More Minute
Need an extra minute to wrap up what you’re doing? You’ll get a notification when you’ve reached your time limit, so you can quickly wrap up a conversation, save a file, or close a game session before your time runs out.
Increased security.
Greater privacy.
With macOS Catalina, there are enhanced security features to better protect macOS against tampering, help ensure that the apps you use are safe, and give you greater control over access to your data. And it’s even easier to find your Mac if it’s lost or stolen.
More secure hardware.
The Apple T2 Security Chip keeps your Mac secure by ensuring that you’re running trusted software and automatically encrypting your stored data. It also provides secure authentication for Touch ID. And now macOS Catalina features Activation Lock, so only you can erase and reactivate your Mac.
Safer-running software.
macOS Catalina runs in its own read-only volume, so it’s separate from all other data on your Mac, and nothing can accidentally overwrite your system files. And Gatekeeper ensures that new apps you install have been checked for known security issues before you run them, so you’re always using good software.
Data protections.
Apps must now get your permission before directly accessing files in your Documents and Desktop folders, iCloud Drive, and external volumes, so you’re always in control of your data. And you’ll be prompted before any app can capture keyboard activity or a photo or video of your screen.
The new Find My app combines Find My iPhone and Find My Friends into a single, easy-to-use app on Mac, iPad, and iPhone. Find My can help you locate a missing Mac — even if it’s offline and sleeping — by sending out Bluetooth signals that can be detected by Apple devices in use nearby. They can then relay the detected location of your Mac to iCloud so you can locate it in the Find My app.
It’s all anonymous and encrypted end-to-end so no one, including Apple, knows the identity of any reporting device. And because the reporting happens silently using tiny bits of data that piggyback on existing network traffic, there’s no need to worry about your battery life, your data usage, or your privacy.
Powerful features to empower everyone.
macOS Catalina includes new features to help everyone get the most out of Mac. Tools for users with low vision allow you to zoom in on a paragraph of text or the entire screen.
Zoom Display
If you have two screens, you can keep one screen zoomed in close while the other remains at a standard resolution. It’s great for everyday work and giving a presentation.
Hover Text
Hover Text makes it easier to view text on your Mac display. Just hover over any text with your cursor and press Command. You’ll get a dedicated window with large, high-resolution text. You can even choose the fonts and colors.
macOS Catalina
The power of Mac.
Taken further.
Featuring all-new, dedicated apps for music, TV, and podcasts. Smart new features in the apps you use every day. And Sidecar, which lets you use iPad as a second Mac display.
See if your Mac can run macOS Catalina.
MacBook
2015 and later
MacBook Air
2012 and later
MacBook Pro
2012 and later
Mac mini
2012 and later
iMac
2012 and later
iMac Pro
2017 and later
(all models)
Mac Pro
2013 and later
New tools to build new worlds.
If you can imagine it, you can create it. ARKit 3 gives you new tools to build incredible experiences on the world’s largest AR platform.
Develop for macOS Catalina.
The Apple SDK offers enormous possibilities for developers to create apps that will work across Mac, iPhone, and iPad.