Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

Cisco Talos recently discovered an exploitable integer overflow vulnerability in Apple macOS’ SMB server that could lead to information disclosure.

Server Message Block (SMB) is a network file-sharing commonly seen in Windows network environments, but macOS contains its own proprietary implementation of the server and client components. TALOS-2021-1237 (CVE-2021-1878) is an integer overflow vulnerability that exists in the way macOS SMB server processes SMB3 compounded packets. An attacker could exploit this vulnerability by sending the targeted SMB server a specially crafted packet. In addition to being able to see sensitive information, an attacker could also use the integer overflow to bypass cryptographic checks and cause a denial of service.

Cisco Talos worked with Apple to ensure that this issue is resolved and an update is available for affected customers, all in adherence to Cisco’s vulnerability disclosure policy.

Users are encouraged to update from Apple macOS 11.1 as soon as possible. Talos tested and confirmed these versions of macOS could be exploited by this vulnerability.

The following SNORTⓇ rules will detect exploitation attempts against this vulnerability: 57115 - 57118. Additional rules may be released in the future and current rules are subject to change, pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.