ID

VAR-202109-0822


CVE

CVE-2021-30802


TITLE

iOS and tvOS vulnerability in the use of freed memory

Trust: 0.8

sources: JVNDB: JVNDB-2021-012285

DESCRIPTION

A use-after-free issue was addressed with improved memory management. This issue is fixed in iOS 14.7 and tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution. iOS and tvOS contain a vulnerability related to the use of freed memory. Information may be obtained, information may be tampered with, and service operation may be interrupted (DoS). Pillow is a Python-based image processing library. There is currently no information about this vulnerability; please follow CNNVD or manufacturer announcements.

APPLE-SA-2021-07-21-6 tvOS 14.7

tvOS 14.7 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212604.

Audio
Available for: Apple TV 4K and Apple TV HD
Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30781: tr3e

CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab

CoreAudio
Available for: Apple TV 4K and Apple TV HD
Impact: Playing a malicious audio file may lead to an unexpected application termination
Description: A logic issue was addressed with improved validation.
CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab

CoreText
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30789: Mickey Jin (@patch1t) of Trend Micro, Sunglin of Knownsec 404 team

Crash Reporter
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to gain root privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30774: Yizhuo Wang of Group of Software Security In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University

CVMS
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to gain root privileges
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video Communications

dyld
Available for: Apple TV 4K and Apple TV HD
Impact: A sandboxed process may be able to circumvent sandbox restrictions
Description: A logic issue was addressed with improved validation.
CVE-2021-30768: Linus Henze (pinauten.de)

FontParser
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: An integer overflow was addressed through improved input validation.
CVE-2021-30760: Sunglin of Knownsec 404 team

FontParser
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative

FontParser
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: A stack overflow was addressed with improved input validation.
CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day Initiative

Identity Service
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious application may be able to bypass code signing checks
Description: An issue in code signature validation was addressed with improved checks.
CVE-2021-30802: Matthew Denton of Google Chrome Security

ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30779: Jzhu, Ye Zhang(@co0py_Cat) of Baidu Security

ImageIO
Available for: Apple TV 4K and Apple TV HD
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2021-30785: CFF of Topsec Alpha Team, Mickey Jin (@patch1t) of Trend Micro

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved state management.
CVE-2021-30769: Linus Henze (pinauten.de)

Kernel
Available for: Apple TV 4K and Apple TV HD
Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations
Description: A logic issue was addressed with improved validation.
CVE-2021-30770: Linus Henze (pinauten.de)

libxml2
Available for: Apple TV 4K and Apple TV HD
Impact: A remote attacker may be able to cause arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30795: Sergei Glazunov of Google Project Zero

WebKit
Available for: Apple TV 4K and Apple TV HD
Impact: Processing maliciously crafted web content may lead to code execution
Description: This issue was addressed with improved checks.
CVE-2021-30797: Ivan Fratric of Google Project Zero

Additional recognition

Assets
We would like to acknowledge Cees Elzinga for their assistance.

CoreText
We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.

Safari
We would like to acknowledge an anonymous researcher for their assistance.

Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance.

Installation note:

Apple TV will periodically check for software updates. Alternatively, you may manually check for software updates by selecting "Settings -> System -> Software Update -> Update Software."

To check the current version of software, select "Settings -> General -> About."

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.43

sources: NVD: CVE-2021-30802 // JVNDB: JVNDB-2021-012285 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390535 // VULMON: CVE-2021-30802 // PACKETSTORM: 163651

AFFECTED PRODUCTS

vendor: apple, model: iphone os, scope: lt, version: 14.7

Trust: 1.0

vendor: apple, model: tvos, scope: lt, version: 14.7

Trust: 1.0

vendor: アップル, model: tvos, scope: -, version: -

Trust: 0.8

vendor: アップル, model: ios, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-012285 // NVD: CVE-2021-30802

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30802
value: HIGH

Trust: 1.0

NVD: CVE-2021-30802
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-1637
value: HIGH

Trust: 0.6

VULHUB: VHN-390535
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30802
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-390535
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30802
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-30802
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-390535 // JVNDB: JVNDB-2021-012285 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1637 // NVD: CVE-2021-30802

PROBLEMTYPE DATA

problemtype:CWE-416

Trust: 1.1

problemtype:Use of freed memory (CWE-416) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-390535 // JVNDB: JVNDB-2021-012285 // NVD: CVE-2021-30802

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1637

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title: HT212601 Apple Security update
url: https://support.apple.com/en-us/HT212601

Trust: 0.8

title: Apple iOS and iPadOS Remediation of resource management error vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157243

Trust: 0.6

sources: JVNDB: JVNDB-2021-012285 // CNNVD: CNNVD-202107-1637

EXTERNAL IDS

db: NVD, id: CVE-2021-30802

Trust: 3.5

db: JVNDB, id: JVNDB-2021-012285

Trust: 0.8

db: PACKETSTORM, id: 163651

Trust: 0.7

db: CS-HELP, id: SB2021041363

Trust: 0.6

db: CNNVD, id: CNNVD-202104-975

Trust: 0.6

db: CS-HELP, id: SB2021072217

Trust: 0.6

db: AUSCERT, id: ESB-2021.2488

Trust: 0.6

db: CNNVD, id: CNNVD-202107-1637

Trust: 0.6

db: VULHUB, id: VHN-390535

Trust: 0.1

db: VULMON, id: CVE-2021-30802

Trust: 0.1

sources: VULHUB: VHN-390535 // VULMON: CVE-2021-30802 // JVNDB: JVNDB-2021-012285 // PACKETSTORM: 163651 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1637 // NVD: CVE-2021-30802

REFERENCES

url:https://support.apple.com/en-us/ht212601

Trust: 2.3

url:https://support.apple.com/en-us/ht212604

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30802

Trust: 1.5

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://packetstormsecurity.com/files/163651/apple-security-advisory-2021-07-21-6.html

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2488

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072217

Trust: 0.6

url:http://seclists.org/fulldisclosure/2021/jul/59

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30768

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30781

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30795

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30788

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30773

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30776

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30797

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-3518

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30780

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30759

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30789

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30775

Trust: 0.1

url:https://support.apple.com/ht212604.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30779

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30758

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30774

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30760

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30770

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30769

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30785

Trust: 0.1

sources: VULHUB: VHN-390535 // VULMON: CVE-2021-30802 // JVNDB: JVNDB-2021-012285 // PACKETSTORM: 163651 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1637 // NVD: CVE-2021-30802

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 163651

SOURCES

db: VULHUB, id: VHN-390535
db: VULMON, id: CVE-2021-30802
db: JVNDB, id: JVNDB-2021-012285
db: PACKETSTORM, id: 163651
db: CNNVD, id: CNNVD-202104-975
db: CNNVD, id: CNNVD-202107-1637
db: NVD, id: CVE-2021-30802

LAST UPDATE DATE

2024-08-14T12:54:21.560000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-390535, date: 2021-09-21T00:00:00
db: JVNDB, id: JVNDB-2021-012285, date: 2022-08-29T03:11:00
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-14T00:00:00
db: CNNVD, id: CNNVD-202107-1637, date: 2021-09-10T00:00:00
db: NVD, id: CVE-2021-30802, date: 2021-09-21T14:54:45.457

SOURCES RELEASE DATE

db: VULHUB, id: VHN-390535, date: 2021-09-08T00:00:00
db: JVNDB, id: JVNDB-2021-012285, date: 2022-08-29T00:00:00
db: PACKETSTORM, id: 163651, date: 2021-07-23T15:35:22
db: CNNVD, id: CNNVD-202104-975, date: 2021-04-13T00:00:00
db: CNNVD, id: CNNVD-202107-1637, date: 2021-07-21T00:00:00
db: NVD, id: CVE-2021-30802, date: 2021-09-08T14:15:11.877