Details of VAR-202109-0348

ID

VAR-202109-0348

CVE

CVE-2021-1834

TITLE

Apple macOS AppleIntelKBLGraphics IOCTL 0x30002 Out-Of-Bounds Write Privilege Escalation Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-596

DESCRIPTION

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to execute arbitrary code with kernel privileges. This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.The specific flaw exists within the handling of IOCTL 0x30005 in the AppleIntelKBLGraphics kext. The issue results from the lack of proper validation of user-supplied data, which can result in a write past the end of an allocated data structure. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-04-26-2 macOS Big Sur 11.3 macOS Big Sur 11.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212325. APFS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1853: Gary Nield of ECSC Group plc and Tim Michaud(@TimGMichaud) of Zoom Video Communications AppleMobileFileIntegrity Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: An issue in code signature validation was addressed with improved checks. CVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu(吴潍浠) of Ant Group Tianqiong Security Lab Archive Utility Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-1810: an anonymous researcher Audio Available for: macOS Big Sur Impact: An application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab CFNetwork Available for: macOS Big Sur Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1857: an anonymous researcher CoreAudio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: macOS Big Sur Impact: A malicious application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab CoreFoundation Available for: macOS Big Sur Impact: A malicious application may be able to leak sensitive user information Description: A validation issue was addressed with improved logic. CVE-2021-30659: Thijs Alkemade of Computest CoreGraphics Available for: macOS Big Sur Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2021-1847: Xuwei Liu of Purdue University CoreText Available for: macOS Big Sur Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management. CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab curl Available for: macOS Big Sur Impact: An attacker may provide a fraudulent OCSP response that would appear valid Description: This issue was addressed with improved checks. CVE-2020-8286: an anonymous researcher curl Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A buffer overflow was addressed with improved input validation. CVE-2020-8285: xnynx DiskArbitration Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. CVE-2021-1784: Mikko Kenttälä (@Turmio_) of SensorFu, Csaba Fitzl (@theevilbit) of Offensive Security, and an anonymous researcher FaceTime Available for: macOS Big Sur Impact: Muting a CallKit call while ringing may not result in mute being enabled Description: A logic issue was addressed with improved state management. CVE-2021-1872: Siraj Zaneer of Facebook FontParser Available for: macOS Big Sur Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi (@hjy79425575) of Qihoo 360 Foundation Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1882: Gabe Kirkpatrick (@gabe_k) Foundation Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2021-1813: Cees Elzinga Heimdal Available for: macOS Big Sur Impact: Processing maliciously crafted server messages may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2021-1883: Gabe Kirkpatrick (@gabe_k) Heimdal Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A race condition was addressed with improved locking. CVE-2021-1884: Gabe Kirkpatrick (@gabe_k) ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30653: Ye Zhang of Baidu Security CVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin & Qi Sun of Trend Micro, and Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1843: Ye Zhang of Baidu Security ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1885: CFF of Topsec Alpha Team ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1858: Mickey Jin of Trend Micro Installer Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: This issue was addressed with improved handling of file metadata. CVE-2021-1841: Jack Dates of RET2 Systems, Inc. CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day Initiative Kernel Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1860: @0xalsr Kernel Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1851: @0xalsr Kernel Available for: macOS Big Sur Impact: Copied files may not have the expected file permissions Description: The issue was addressed with improved permissions logic. CVE-2021-1832: an anonymous researcher Kernel Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30660: Alex Plaskett libxpc Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2021-30652: James Hutchins libxslt Available for: macOS Big Sur Impact: Processing a maliciously crafted file may lead to heap corruption Description: A double free issue was addressed with improved memory management. CVE-2021-1875: Found by OSS-Fuzz Login Window Available for: macOS Big Sur Impact: A malicious application with root privileges may be able to access private information Description: This issue was addressed with improved entitlements. CVE-2021-1824: Wojciech Reguła (@_r3ggi) of SecuRing Notes Available for: macOS Big Sur Impact: Locked Notes content may have been unexpectedly unlocked Description: A logic issue was addressed with improved state management. CVE-2021-1859: Syed Ali Shuja (@SyedAliShuja) of Colour King Pvt. Ltd NSRemoteView Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1876: Matthew Denton of Google Chrome Preferences Available for: macOS Big Sur Impact: A local user may be able to modify protected parts of the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Safari Available for: macOS Big Sur Impact: A malicious website may be able to track users by setting state in a cache Description: An issue existed in determining cache occupancy. CVE-2021-1861: Konstantinos Solomos of University of Illinois at Chicago Safari Available for: macOS Big Sur Impact: A malicious website may be able to force unnecessary network connections to fetch its favicon Description: A logic issue was addressed with improved state management. CVE-2021-1855: Håvard Mikkelsen Ottestad of HASMAC AS SampleAnalysis Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1868: Tim Michaud of Zoom Communications smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An integer overflow was addressed with improved input validation. CVE-2021-1878: Aleksandar Nikolic of Cisco Talos (talosintelligence.com) System Preferences Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30657: an anonymous researcher tcpdump Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-8037: an anonymous researcher Time Machine Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved permissions logic. CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to a cross site scripting attack Description: An input validation issue was addressed with improved input validation. CVE-2021-1825: Alex Camboe of Aon’s Cyber Solutions WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-1817: an anonymous researcher WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved restrictions. CVE-2021-1826: an anonymous researcher WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may result in the disclosure of process memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1820: an anonymous researcher WebKit Storage Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30661: yangkang(@dnpushme) of 360 ATA WebRTC Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected system termination or corrupt kernel memory Description: A use after free issue was addressed with improved memory management. CVE-2020-7463: Megan2013678 Wi-Fi Available for: macOS Big Sur Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2021-1829: Tielei Wang of Pangu Lab Wi-Fi Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with system privileges Description: The issue was addressed with improved permissions logic. CVE-2021-30655: Gary Nield of ECSC Group plc and Tim Michaud(@TimGMichaud) of Zoom Video Communications and Wojciech Reguła (@_r3ggi) of SecuRing Windows Server Available for: macOS Big Sur Impact: A malicious application may be able to unexpectedly leak a user's credentials from secure text fields Description: An API issue in Accessibility TCC permissions was addressed with improved state management. CVE-2021-1873: an anonymous researcher Installation note: This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO0UACgkQZcsbuWJ6 jjA/XA/7BDDpbLo0btLbUrps6ELmcqFZhpvhuekw8Yd3jVeJihLcJGJpY38ZCcne srCJHuXPzlk3ex0bVkKNRrB04xF0vCA4TEBsJ495754PAKWrxmlx0Ce8zg4h+ey/ cMTaUgfB1sgOFO8kJCKJurCjhyQ3Xj5c5xa8/zxlKoAgI36PmhZsCoXC6KD+5mqn QCRF0kE/y0QSfsq13j4grLGMXLS4pkAJRMWvDiEliYDTw3pOul7ZDOwxLEyucVTv fE60H7ff7jfPbDcQ4yEgEbla40+YZYwl9Sv4zxIU2OBPva6HLbA+PXxk4F1QX7eA ECrfycMSIbQKZ2phryENZCcrX5DN4M/VcGIHq4ujF2CXBJymSWV0O5k5K0GzZ0Ko T2Zr2LOOunvHGrYy0okholNYb0iMA09dvwuDdEGr+vhLZhq1BBbmThhNEnArl7mE /fx2bvaS3o8TxGuh7mbeFK9q5Tafxe5Qhwgz9pnAtqBC8z1NgQoetk9pKPNDIsNY t3/7Xcix+fs28YOjmxPTpntud0EGSjxXm4g0bDbsU922iV1Z3ncgOvd//IzPXniS v4IqR/gPbhg+c2CGoaezD91sE5onLuMmFCogkUyftGHnN0EueKMjI+3fmyG4l4d1 0C3to6hKJNmTm56RgxwfVVOeVnsPF490s9LUYzO4ZUbaQHIuDfo= =9+Ju -----END PGP SIGNATURE-----

Trust: 2.97

sources: NVD: CVE-2021-1834 // ZDI: ZDI-21-596 // ZDI: ZDI-21-595 // CNNVD: CNNVD-202104-975 // PACKETSTORM: 162360 // PACKETSTORM: 162362 // PACKETSTORM: 162358

AFFECTED PRODUCTS

vendor:	apple	model:	macos	scope:	-	version:	-	Trust: 1.4
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.1	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.2	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.1	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.3	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.3	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.2	Trust: 1.0

sources: ZDI: ZDI-21-596 // ZDI: ZDI-21-595 // NVD: CVE-2021-1834

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI:	CVE-2021-1834
value:	HIGH
Trust: 1.4
nvd@nist.gov:	CVE-2021-1834
value:	CRITICAL
Trust: 1.0
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202104-1976
value:	CRITICAL
Trust: 0.6
VULHUB:	VHN-376494
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-1834
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.0
VULHUB:	VHN-376494
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

ZDI:	CVE-2021-1834
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	HIGH
privilegesRequired:	LOW
userInteraction:	NONE
scope:	CHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.1
impactScore:	6.0
version:	3.0
Trust: 1.4
nvd@nist.gov:	CVE-2021-1834
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.1
Trust: 1.0

sources: ZDI: ZDI-21-596 // ZDI: ZDI-21-595 // VULHUB: VHN-376494 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1976 // NVD: CVE-2021-1834

PROBLEMTYPE DATA

problemtype:

CWE-787

Trust: 1.1

sources: VULHUB: VHN-376494 // NVD: CVE-2021-1834

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202104-1976

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-376494

PATCH

title:	Apple has issued an update to correct this vulnerability.	url:	https://support.apple.com/HT212325	Trust: 1.4
title:	Apple macOS Buffer error vulnerability fix	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151400	Trust: 0.6
title:	Apple: macOS Big Sur 11.3	url:	https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=c631c09ebe15d0799205eda727cdfeb3	Trust: 0.1

sources: ZDI: ZDI-21-596 // ZDI: ZDI-21-595 // VULMON: CVE-2021-1834 // CNNVD: CNNVD-202104-1976

EXTERNAL IDS

db:	NVD	id:	CVE-2021-1834	Trust: 3.5
db:	ZDI	id:	ZDI-21-596	Trust: 1.3
db:	PACKETSTORM	id:	162358	Trust: 0.8
db:	ZDI_CAN	id:	ZDI-CAN-12195	Trust: 0.7
db:	ZDI_CAN	id:	ZDI-CAN-12196	Trust: 0.7
db:	ZDI	id:	ZDI-21-595	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.1409.2	Trust: 0.6
db:	CS-HELP	id:	SB2021042704	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-1976	Trust: 0.6
db:	PACKETSTORM	id:	162362	Trust: 0.2
db:	PACKETSTORM	id:	162360	Trust: 0.2
db:	VULHUB	id:	VHN-376494	Trust: 0.1
db:	VULMON	id:	CVE-2021-1834	Trust: 0.1

sources: ZDI: ZDI-21-596 // ZDI: ZDI-21-595 // VULHUB: VHN-376494 // VULMON: CVE-2021-1834 // PACKETSTORM: 162360 // PACKETSTORM: 162362 // PACKETSTORM: 162358 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202104-1976 // NVD: CVE-2021-1834

REFERENCES

url:	https://support.apple.com/en-us/ht212325	Trust: 1.7
url:	https://support.apple.com/en-us/ht212326	Trust: 1.7
url:	https://support.apple.com/en-us/ht212327	Trust: 1.7
url:	https://support.apple.com/ht212325	Trust: 1.4
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1834	Trust: 0.9
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://www.zerodayinitiative.com/advisories/zdi-21-596/	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.1409.2	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-35171	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021042704	Trust: 0.6
url:	https://packetstormsecurity.com/files/162358/apple-security-advisory-2021-04-26-2.html	Trust: 0.6
url:	https://support.apple.com/kb/ht201222	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1813	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1840	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1739	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1828	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1809	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8037	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1784	Trust: 0.3
url:	https://support.apple.com/downloads/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1843	Trust: 0.3
url:	https://www.apple.com/support/security/pgp/	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1811	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1839	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8285	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2020-8286	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1808	Trust: 0.3
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1860	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1857	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1876	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1851	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1875	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1847	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-27942	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1810	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1824	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2020-3838	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1797	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1873	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1740	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1868	Trust: 0.2
url:	https://support.apple.com/kb/ht212325	Trust: 0.1
url:	https://support.apple.com/ht212326.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1878	Trust: 0.1
url:	https://support.apple.com/ht212327.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1806	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1805	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1814	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1820	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1815	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1817	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2020-7463	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1846	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1841	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1825	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1826	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1832	Trust: 0.1
url:	https://support.apple.com/ht212325.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-1829	Trust: 0.1

CREDITS

ABC Research s.r.o.

Trust: 1.4

sources: ZDI: ZDI-21-596 // ZDI: ZDI-21-595

SOURCES

db:	ZDI	id:	ZDI-21-596
db:	ZDI	id:	ZDI-21-595
db:	VULHUB	id:	VHN-376494
db:	VULMON	id:	CVE-2021-1834
db:	PACKETSTORM	id:	162360
db:	PACKETSTORM	id:	162362
db:	PACKETSTORM	id:	162358
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202104-1976
db:	NVD	id:	CVE-2021-1834

LAST UPDATE DATE

2024-08-14T13:13:16.678000+00:00

SOURCES UPDATE DATE

db:	ZDI	id:	ZDI-21-596	date:	2021-05-20T00:00:00
db:	ZDI	id:	ZDI-21-595	date:	2021-05-20T00:00:00
db:	VULHUB	id:	VHN-376494	date:	2021-09-15T00:00:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202104-1976	date:	2021-09-17T00:00:00
db:	NVD	id:	CVE-2021-1834	date:	2021-09-15T15:35:39.697

SOURCES RELEASE DATE

db:	ZDI	id:	ZDI-21-596	date:	2021-05-20T00:00:00
db:	ZDI	id:	ZDI-21-595	date:	2021-05-20T00:00:00
db:	VULHUB	id:	VHN-376494	date:	2021-09-08T00:00:00
db:	PACKETSTORM	id:	162360	date:	2021-04-28T14:58:36
db:	PACKETSTORM	id:	162362	date:	2021-04-28T15:00:23
db:	PACKETSTORM	id:	162358	date:	2021-04-28T14:55:56
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202104-1976	date:	2021-04-27T00:00:00
db:	NVD	id:	CVE-2021-1834	date:	2021-09-08T15:15:10.563