VARIoT IoT vulnerabilities database
| VAR-202109-0333 | CVE-2021-1874 | iOS and iPadOS Vulnerability in |
CVSS V2: 9.3 CVSS V3: 8.8 Severity: HIGH |
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to execute arbitrary code with kernel privileges. iOS and iPadOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple Kernel is the kernel of the Apple device of Apple (Apple). A security vulnerability exists in the Apple Kernel that stems from state management. The following products and versions are affected: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). APPLE-SA-2021-04-26-1 iOS 14.5 and iPadOS 14.5
| VAR-202109-0328 | CVE-2021-1865 | iOS and iPadOS Vulnerability in plaintext storage of important information in |
CVSS V2: 4.3 CVSS V3: 5.0 Severity: MEDIUM |
An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen. iOS and iPadOS There is a vulnerability in plaintext storage of important information.Information may be obtained. Apple iOS is an operating system developed by Apple (Apple) for mobile devices. The following products and versions are affected: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). APPLE-SA-2021-04-26-1 iOS 14.5 and iPadOS 14.5
| VAR-202109-0327 | CVE-2021-1864 | plural Apple Product Use of Freed Memory Vulnerability |
CVSS V2: 7.5 CVSS V3: 9.8 Severity: CRITICAL |
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code. plural Apple The product contains a usage of freed memory vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple iTunes is a set of media player applications of Apple (Apple), which is mainly used for playing and managing digital music and video files. The following products and versions are affected: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation). APPLE-SA-2021-04-26-6 tvOS 14.5. -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-04-26-5 watchOS 7.4
watchOS 7.4 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212324.
AppleMobileFileIntegrity
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An issue in code signature validation was addressed with
improved checks.
CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab
CFNetwork
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1857: an anonymous researcher
CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab
CoreFoundation
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to leak sensitive user
information
Description: A validation issue was addressed with improved logic.
CVE-2021-30659: Thijs Alkemade of Computest
CoreText
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab
FaceTime
Available for: Apple Watch Series 3 and later
Impact: Muting a CallKit call while ringing may not result in mute
being enabled
Description: A logic issue was addressed with improved state
management.
CVE-2021-1872: Siraj Zaneer of Facebook
FontParser
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security
Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi
(@hjy79425575) of Qihoo 360
Foundation
Available for: Apple Watch Series 3 and later
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)
Foundation
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to gain root privileges
Description: A validation issue was addressed with improved logic.
CVE-2021-1813: Cees Elzinga
Heimdal
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted server messages may lead to
heap corruption
Description: This issue was addressed with improved checks.
CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: Apple Watch Series 3 and later
Impact: A remote attacker may be able to cause a denial of service
Description: A race condition was addressed with improved locking.
CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30653: Ye Zhang of Baidu Security
CVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin & Qi Sun of
Trend Micro, and Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1843: Ye Zhang of Baidu Security
ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1885: CFF of Topsec Alpha Team
ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1858: Mickey Jin of Trend Micro
iTunes Store
Available for: Apple Watch Series 3 and later
Impact: An attacker with JavaScript execution may be able to execute
arbitrary code
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1864: CodeColorist of Ant-Financial LightYear Labs
Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to disclose kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1860: @0xalsr
Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-1816: Tielei Wang of Pangu Lab
Kernel
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1851: @0xalsr
Kernel
Available for: Apple Watch Series 3 and later
Impact: Copied files may not have the expected file permissions
Description: The issue was addressed with improved permissions logic.
CVE-2021-1832: an anonymous researcher
Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30660: Alex Plaskett
libxpc
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2021-30652: James Hutchins
libxslt
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted file may lead to heap
corruption
Description: A double free issue was addressed with improved memory
management.
CVE-2021-1875: Found by OSS-Fuzz
MobileInstallation
Available for: Apple Watch Series 3 and later
Impact: A local user may be able to modify protected parts of the
file system
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1822: Bruno Virlet of The Grizzly Labs
Preferences
Available for: Apple Watch Series 3 and later
Impact: A local user may be able to modify protected parts of the
file system
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Safari
Available for: Apple Watch Series 3 and later
Impact: A local user may be able to write arbitrary files
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-1807: David Schütz (@xdavidhu)
Tailspin
Available for: Apple Watch Series 3 and later
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1868: Tim Michaud of Zoom Communications
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2021-1825: Alex Camboe of Aon’s Cyber Solutions
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1817: an anonymous researcher
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1826: an anonymous researcher
WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1820: an anonymous researcher
WebKit Storage
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30661: yangkang(@dnpushme) of 360 ATA
Additional recognition
AirDrop
We would like to acknowledge @maxzks for their assistance.
CoreAudio
We would like to acknowledge an anonymous researcher for their
assistance.
CoreCrypto
We would like to acknowledge Andy Russon of Orange Group for their
assistance.
File Bookmark
We would like to acknowledge an anonymous researcher for their
assistance.
Foundation
We would like to acknowledge CodeColorist of Ant-Financial LightYear
Labs for their assistance.
Kernel
We would like to acknowledge Antonio Frighetto of Politecnico di
Milano, GRIMM, Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng,
Youjun Huang, Haixin Duan, Mikko Kenttälä ( @Turmio_ ) of SensorFu,
Proteas, and Tielei Wang of Pangu Lab for their assistance.
Security
We would like to acknowledge Xingwei Lin of Ant Security Light-Year
Lab and john (@nyan_satan) for their assistance.
sysdiagnose
We would like to acknowledge Tim Michaud (@TimGMichaud) of Leviathan
for their assistance.
WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla for
their assistance.
Installation note:
Instructions on how to update your Apple Watch software are
available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app
on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO2kACgkQZcsbuWJ6
jjCSZA//dGlk6FnYdt225G6hrw0Das2JjehGetTJ/jJWvGKA0/GE5arBiMKOZTke
3Qg9l4+spRDWhTptJNYfahuoPT5L9k9V276JvIQdCgvc/FYcio2XVx0MdSTJY+Q7
ixFOkQio2zQA/WVPAqrC+Y7iY1kmsi4nVa8dnqD2wr9qz2QGV9D7na5ApSmwCqoM
AyJgzDIfvtLlMBxV4f5gPBrody/XH+py6YiQyzx/1yZGn9ExkKCKtxHWkMI3ITAB
EYH855RpXUemn6wWbJWk/iE6bHRLm/TJIEw8TS3QTWDUXYh3xY55x5jZbGtbhWZw
QpAbqEQK74pEfjqEGSlQ+X9z8r+P1pHVDbBwSsptzcUFvm3ClfOdAl4Cyvr78aDk
7/nSnT9ri3BJ3FSBiPL+Kh8ZO2DrkGM2HNYgf792G/M34uKbn+0POnEaADpvhtTo
Ot40b3kdUPMWSeEyDy0K/HJm1wlgWKsRgU2X/8xUZQGeR+OlxUv2VIQYC7l6PijW
RXCo1cUIp2q74HGg3O8B2sJaLvkk6fR9za8Bp8qcD53O6YXzabqe2SR+oqS0xp/j
W2wciUAX4kcZ1YquDjCPs5lBt96Vy75PvGc5BULV4uxmOkH3al2jVKsT4IMdJn2t
ITOpVyXUml8UIzJ9jpYALS7SYfz0rCJDMJ7W0SAT1czAF2exrB0=
=Nf4q
-----END PGP SIGNATURE-----
| VAR-202109-0273 | CVE-2021-1807 | plural Apple Product input verification vulnerabilities |
CVSS V2: 4.9 CVSS V3: 5.5 Severity: MEDIUM |
A validation issue was addressed with improved input sanitization. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4. A local user may be able to write arbitrary files. Apple Safari is a web browser of Apple (Apple), the default browser included with Mac OS X and iOS operating systems. APPLE-SA-2021-04-26-5 watchOS 7.4.
CVE-2021-30661: yangkang(@dnpushme) of 360 ATA
Additional recognition
AirDrop
We would like to acknowledge @maxzks for their assistance.
CoreAudio
We would like to acknowledge an anonymous researcher for their
assistance.
CoreCrypto
We would like to acknowledge Andy Russon of Orange Group for their
assistance.
File Bookmark
We would like to acknowledge an anonymous researcher for their
assistance.
Foundation
We would like to acknowledge CodeColorist of Ant-Financial LightYear
Labs for their assistance.
Kernel
We would like to acknowledge Antonio Frighetto of Politecnico di
Milano, GRIMM, Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng,
Youjun Huang, Haixin Duan, Mikko Kenttälä ( @Turmio_ ) of SensorFu,
Proteas, and Tielei Wang of Pangu Lab for their assistance.
Security
We would like to acknowledge Xingwei Lin of Ant Security Light-Year
Lab and john (@nyan_satan) for their assistance.
sysdiagnose
We would like to acknowledge Tim Michaud (@TimGMichaud) of Leviathan
for their assistance.
WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla for
their assistance.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-04-26-1 iOS 14.5 and iPadOS 14.5
iOS 14.5 and iPadOS 14.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212317.
Accessibility
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
access notes from the lock screen
Description: This issue was addressed with improved checks.
CVE-2021-1835: videosdebarraquito
App Store
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in a privileged network position may be able to
alter network traffic
Description: A certificate validation issue was addressed.
CVE-2021-1837: Aapo Oksman of Nixu Cybersecurity
Apple Neural Engine
Available for: iPhone 8 and later, iPad Pro (3rd generation) and
later, and iPad Air (3rd generation) and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu (吴潍浠) of Ant
Group Tianqiong Security Lab
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An issue in code signature validation was addressed with
improved checks.
CVE-2021-1849: Siguza
Assets
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to create or modify privileged files
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1836: an anonymous researcher
Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab
CFNetwork
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1857: an anonymous researcher
CoreAudio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab
CoreFoundation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user
information
Description: A validation issue was addressed with improved logic.
CVE-2021-30659: Thijs Alkemade of Computest
CoreText
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Muting a CallKit call while ringing may not result in mute
being enabled
Description: A logic issue was addressed with improved state
management.
CVE-2021-1872: Siraj Zaneer of Facebook
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security
Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi
(@hjy79425575) of Qihoo 360
Foundation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)
Foundation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to gain root privileges
Description: A validation issue was addressed with improved logic.
CVE-2021-1813: Cees Elzinga
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to determine kernel
memory layout
Description: An access issue was addressed with improved memory
management.
CVE-2021-30656: Justin Sherman of University of Maryland, Baltimore
County
Heimdal
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted server messages may lead to
heap corruption
Description: This issue was addressed with improved checks.
CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: A race condition was addressed with improved locking.
CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1885: CFF of Topsec Alpha Team
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30653: Ye Zhang of Baidu Security
CVE-2021-1843: Ye Zhang of Baidu Security
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1858: Mickey Jin of Trend Micro
iTunes Store
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker with JavaScript execution may be able to execute
arbitrary code
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1864: CodeColorist of Ant-Financial LightYear Labs
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1877: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CVE-2021-1852: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CVE-2021-1830: Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1874: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CVE-2021-1851: @0xalsr
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to disclose kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1860: @0xalsr
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-1816: Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Copied files may not have the expected file permissions
Description: The issue was addressed with improved permissions logic.
CVE-2021-1832: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30660: Alex Plaskett
libxpc
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2021-30652: James Hutchins
libxslt
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted file may lead to heap
corruption
Description: A double free issue was addressed with improved memory
management.
CVE-2021-1875: Found by OSS-Fuzz
MobileInstallation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to modify protected parts of the
file system
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1822: Bruno Virlet of The Grizzly Labs
Password Manager
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user's password may be visible on screen
Description: An issue obscuring passwords in screenshots was
addressed with improved logic.
CVE-2021-1865: Shibin B Shaji of UST
Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to modify protected parts of the
file system
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Safari
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to write arbitrary files
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-1807: David Schütz (@xdavidhu)
Shortcuts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may allow shortcuts to access restricted files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1831: Bouke van der Bijl
Tailspin
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1868: Tim Michaud of Zoom Communications
Telephony
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A legacy cellular network can automatically answer an
incoming call when an ongoing call ends or drops.
CVE-2021-1854: Steven Thorne of Cspire
Wallet
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to view sensitive information in the
app switcher
Description: The issue was addressed with improved UI handling.
CVE-2021-1848: Bradley D’Amato of ActionIQ
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2021-1825: Alex Camboe of Aon’s Cyber Solutions
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1817: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1826: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1820: an anonymous researcher
WebKit Storage
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30661: yangkang(@dnpushme) of 360 ATA
WebRTC
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-7463: Megan2013678
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About
* The version after applying this update will be "14.5"
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHOzAACgkQZcsbuWJ6
jjAaUw/+LVyzY07R4wF0TVOLZ1Svkt/cfR69bliLBa+IN5qIzkeTkdnCWVsvWPem
F21wTHb9Z/GH8XVakyUwVwE2NAIw0X8iQcM3Z+fwCdNSwuQuItsWH4BS29JT7COA
23X3KxDtI0WwB3uYAB6VuotYSRR9DakU9jaPEfJw8lnmbV8CMxn33lPxy/PH2IHq
z37xC6wIGiEjZKiWyMa4MY5CXWitceljB1NLYO6+o7AcyHtLZggIoka+Z3kfHIym
Bgj0tRnMULdZJx7zTPGKCHVUkQ564+Gmfji6ZjR+U+3JmjupkcM/j61a/2Bx6m/R
3l9XWs6eut+6FDYZUzmn5VPbDDvEGzw4r8cHY6n4iHjuoIOU1pbi1r1GlyVMN3F0
osw2+kkCKgUEtZjqZCp1jcZJZ0LYKQDQmQc5PWkMPAiIfLtAJ5PPSPOcpPwtXdNv
ymPeaP7HCR35qCzY/zM8NVUNtPeWDRG/BjHpwwY7GZsv8oltzF1GgGVjo7v9kASg
w4Fkq9UTTfHi1lA76vx8//hVkBvaZUlKwv+IWwObiUx8X3YtkxlGUKJpirSL4JeD
ne52T7f3Ob1lf9QJCSzPDE7US8dkh3UgSRKGHeiDTNOiP2qG5DUEswUCiIKSbL36
FepQeQ087BUYLyw3VLl1K/yM8dNwpq/RbFSv/BJaoUu5ZEaUaGs=
=7c10
-----END PGP SIGNATURE-----
| VAR-202109-0282 | CVE-2021-1816 | plural Apple Buffer error vulnerability in the product |
CVSS V2: 9.3 CVSS V3: 7.8 Severity: HIGH |
A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to execute arbitrary code with kernel privileges. plural Apple The product contains a buffer error vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Apple Kernel is the kernel of the Apple device of Apple (Apple). APPLE-SA-2021-04-26-6 tvOS 14.5.
CVE-2021-30661: yangkang(@dnpushme) of 360 ATA
Additional recognition
AirDrop
We would like to acknowledge @maxzks for their assistance.
CoreAudio
We would like to acknowledge an anonymous researcher for their
assistance.
CoreCrypto
We would like to acknowledge Andy Russon of Orange Group for their
assistance.
File Bookmark
We would like to acknowledge an anonymous researcher for their
assistance.
Foundation
We would like to acknowledge CodeColorist of Ant-Financial LightYear
Labs for their assistance.
Kernel
We would like to acknowledge Antonio Frighetto of Politecnico di
Milano, GRIMM, Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng,
Youjun Huang, Haixin Duan, Mikko Kenttälä ( @Turmio_ ) of SensorFu,
Proteas, and Tielei Wang of Pangu Lab for their assistance.
Security
We would like to acknowledge Xingwei Lin of Ant Security Light-Year
Lab and john (@nyan_satan) for their assistance.
sysdiagnose
We would like to acknowledge Tim Michaud (@TimGMichaud) of Leviathan
for their assistance.
WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla for
their assistance.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-04-26-1 iOS 14.5 and iPadOS 14.5
iOS 14.5 and iPadOS 14.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212317.
Accessibility
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
access notes from the lock screen
Description: This issue was addressed with improved checks.
CVE-2021-1835: videosdebarraquito
App Store
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in a privileged network position may be able to
alter network traffic
Description: A certificate validation issue was addressed.
CVE-2021-1837: Aapo Oksman of Nixu Cybersecurity
Apple Neural Engine
Available for: iPhone 8 and later, iPad Pro (3rd generation) and
later, and iPad Air (3rd generation) and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu (吴潍浠) of Ant
Group Tianqiong Security Lab
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An issue in code signature validation was addressed with
improved checks.
CVE-2021-1849: Siguza
Assets
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to create or modify privileged files
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1836: an anonymous researcher
Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab
CFNetwork
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1857: an anonymous researcher
CoreAudio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab
CoreFoundation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user
information
Description: A validation issue was addressed with improved logic.
CVE-2021-30659: Thijs Alkemade of Computest
CoreText
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Muting a CallKit call while ringing may not result in mute
being enabled
Description: A logic issue was addressed with improved state
management.
CVE-2021-1872: Siraj Zaneer of Facebook
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security
Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi
(@hjy79425575) of Qihoo 360
Foundation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)
Foundation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to gain root privileges
Description: A validation issue was addressed with improved logic.
CVE-2021-1813: Cees Elzinga
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to determine kernel
memory layout
Description: An access issue was addressed with improved memory
management.
CVE-2021-30656: Justin Sherman of University of Maryland, Baltimore
County
Heimdal
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted server messages may lead to
heap corruption
Description: This issue was addressed with improved checks.
CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: A race condition was addressed with improved locking.
CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1885: CFF of Topsec Alpha Team
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30653: Ye Zhang of Baidu Security
CVE-2021-1843: Ye Zhang of Baidu Security
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1858: Mickey Jin of Trend Micro
iTunes Store
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker with JavaScript execution may be able to execute
arbitrary code
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1864: CodeColorist of Ant-Financial LightYear Labs
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1877: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CVE-2021-1852: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CVE-2021-1830: Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1874: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CVE-2021-1851: @0xalsr
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to disclose kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1860: @0xalsr
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-1816: Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Copied files may not have the expected file permissions
Description: The issue was addressed with improved permissions logic.
CVE-2021-1832: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30660: Alex Plaskett
libxpc
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2021-30652: James Hutchins
libxslt
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted file may lead to heap
corruption
Description: A double free issue was addressed with improved memory
management.
CVE-2021-1875: Found by OSS-Fuzz
MobileInstallation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to modify protected parts of the
file system
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1822: Bruno Virlet of The Grizzly Labs
Password Manager
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user's password may be visible on screen
Description: An issue obscuring passwords in screenshots was
addressed with improved logic.
CVE-2021-1865: Shibin B Shaji of UST
Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to modify protected parts of the
file system
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Safari
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to write arbitrary files
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-1807: David Schütz (@xdavidhu)
Shortcuts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may allow shortcuts to access restricted files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1831: Bouke van der Bijl
Tailspin
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1868: Tim Michaud of Zoom Communications
Telephony
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A legacy cellular network can automatically answer an
incoming call when an ongoing call ends or drops.
CVE-2021-1854: Steven Thorne of Cspire
Wallet
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to view sensitive information in the
app switcher
Description: The issue was addressed with improved UI handling.
CVE-2021-1848: Bradley D’Amato of ActionIQ
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2021-1825: Alex Camboe of Aon’s Cyber Solutions
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1817: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1826: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1820: an anonymous researcher
WebKit Storage
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30661: yangkang(@dnpushme) of 360 ATA
WebRTC
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-7463: Megan2013678
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About
* The version after applying this update will be "14.5"
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHOzAACgkQZcsbuWJ6
jjAaUw/+LVyzY07R4wF0TVOLZ1Svkt/cfR69bliLBa+IN5qIzkeTkdnCWVsvWPem
F21wTHb9Z/GH8XVakyUwVwE2NAIw0X8iQcM3Z+fwCdNSwuQuItsWH4BS29JT7COA
23X3KxDtI0WwB3uYAB6VuotYSRR9DakU9jaPEfJw8lnmbV8CMxn33lPxy/PH2IHq
z37xC6wIGiEjZKiWyMa4MY5CXWitceljB1NLYO6+o7AcyHtLZggIoka+Z3kfHIym
Bgj0tRnMULdZJx7zTPGKCHVUkQ564+Gmfji6ZjR+U+3JmjupkcM/j61a/2Bx6m/R
3l9XWs6eut+6FDYZUzmn5VPbDDvEGzw4r8cHY6n4iHjuoIOU1pbi1r1GlyVMN3F0
osw2+kkCKgUEtZjqZCp1jcZJZ0LYKQDQmQc5PWkMPAiIfLtAJ5PPSPOcpPwtXdNv
ymPeaP7HCR35qCzY/zM8NVUNtPeWDRG/BjHpwwY7GZsv8oltzF1GgGVjo7v9kASg
w4Fkq9UTTfHi1lA76vx8//hVkBvaZUlKwv+IWwObiUx8X3YtkxlGUKJpirSL4JeD
ne52T7f3Ob1lf9QJCSzPDE7US8dkh3UgSRKGHeiDTNOiP2qG5DUEswUCiIKSbL36
FepQeQ087BUYLyw3VLl1K/yM8dNwpq/RbFSv/BJaoUu5ZEaUaGs=
=7c10
-----END PGP SIGNATURE-----
| VAR-202104-1673 | CVE-2021-3512 | Multiple vulnerabilities in Buffalo routers |
CVSS V2: 8.3 CVSS V3: 8.8 Severity: HIGH |
Improper access control vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to bypass access restriction and to start telnet service and execute arbitrary OS commands with root privileges via unspecified vectors. The following vulnerabilities exist in multiple router products provided by Buffalo Inc. * information leak (CWE-200) - CVE-2021-3511 ‥ * telnet Inadequate access control to services (CWE-284) - CVE-2021-3512 The following is the vulnerability information JPCERT/CC Report to JPCERT/CC Coordinated with the developers. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. * The setting information of the device is stolen by a third party on the adjacent network. - CVE-2021-3511 ‥ * By a third party on the adjacent network, the device telnet Service enabled, root Arbitrary with authority OS Command is executed - CVE-2021-3512. Buffalo 固件是日本Buffalo公司的一个网络设备
| VAR-202104-1672 | CVE-2021-3511 | Multiple vulnerabilities in Buffalo routers |
CVSS V2: 3.3 CVSS V3: 4.3 Severity: MEDIUM |
Disclosure of sensitive information to an unauthorized user vulnerability in Buffalo broadband routers (BHR-4GRV firmware Ver.1.99 and prior, DWR-HP-G300NH firmware Ver.1.83 and prior, HW-450HP-ZWE firmware Ver.1.99 and prior, WHR-300HP firmware Ver.1.99 and prior, WHR-300 firmware Ver.1.99 and prior, WHR-G301N firmware Ver.1.86 and prior, WHR-HP-G300N firmware Ver.1.99 and prior, WHR-HP-GN firmware Ver.1.86 and prior, WPL-05G300 firmware Ver.1.87 and prior, WZR-450HP-CWT firmware Ver.1.99 and prior, WZR-450HP-UB firmware Ver.1.99 and prior, WZR-HP-AG300H firmware Ver.1.75 and prior, WZR-HP-G300NH firmware Ver.1.83 and prior, WZR-HP-G301NH firmware Ver.1.83 and prior, WZR-HP-G302H firmware Ver.1.85 and prior, WZR-HP-G450H firmware Ver.1.89 and prior, WZR-300HP firmware Ver.1.99 and prior, WZR-450HP firmware Ver.1.99 and prior, WZR-600DHP firmware Ver.1.99 and prior, WZR-D1100H firmware Ver.1.99 and prior, FS-HP-G300N firmware Ver.3.32 and prior, FS-600DHP firmware Ver.3.38 and prior, FS-R600DHP firmware Ver.3.39 and prior, and FS-G300N firmware Ver.3.13 and prior) allows remote unauthenticated attackers to obtain information such as configuration via unspecified vectors. The following vulnerabilities exist in multiple router products provided by Buffalo Inc. * information leak (CWE-200) - CVE-2021-3511 ‥ * telnet Inadequate access control to services (CWE-284) - CVE-2021-3512 The following is the vulnerability information JPCERT/CC Report to JPCERT/CC Coordinated with the developers. Reporter : Zero Zero One Co., Ltd. Hayakawa Soraya MrThe expected impact depends on each vulnerability, but it may be affected as follows. * The setting information of the device is stolen by a third party on the adjacent network. - CVE-2021-3511 ‥ * By a third party on the adjacent network, the device telnet Service enabled, root Arbitrary with authority OS Command is executed - CVE-2021-3512. Buffalo 固件是日本Buffalo公司的一个网络设备
| VAR-202104-2018 | No CVE | TOTOLINK smart router has weak password vulnerability |
CVSS V2: 2.1 CVSS V3: - Severity: LOW |
TOTOLINK is a high-end wireless router brand in the Asia-Pacific region, with a market share of 82.3% in South Korea.
TOTOLINK smart router has a weak password vulnerability, which can be exploited by attackers to obtain sensitive information.
| VAR-202104-2019 | No CVE | Linksys Smart Wi-Fi router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Smart Wi-Fi is a router product of Linksys.
The Linksys Smart Wi-Fi router has a weak password vulnerability. Attackers can use the vulnerability to directly log in to the router management background to control the device.
| VAR-202104-1272 | CVE-2021-30165 | Edimax Technology wireless network camera Trust Management Issue Vulnerability |
CVSS V2: 5.0 CVSS V3: 8.1 Severity: HIGH |
The default administrator account & password of the EDIMAX wireless network camera is hard-coded. Remote attackers can disassemble firmware to obtain the privileged permission and further control the devices
| VAR-202104-1475 | CVE-2021-31784 | Open Design Alliance Drawings SDK Out-of-bounds Vulnerability in Microsoft |
CVSS V2: 6.8 CVSS V3: 7.8 Severity: HIGH |
An out-of-bounds write vulnerability exists in the file-reading procedure in Open Design Alliance Drawings SDK before 2021.6 on all supported by ODA platforms in static configuration. This can allow attackers to cause a crash, potentially enabling a denial of service attack (Crash, Exit, or Restart) or possible code execution. The development kit accesses the data in .dwg and .dgn through a convenient, object-oriented API, and provides functions such as C++ API, support for repairing files, and support for .NET, JAVA, and Python development languages
| VAR-202109-0340 | CVE-2021-1825 | Apple iTunes Cross-site scripting vulnerability |
CVSS V2: 4.3 CVSS V3: 6.1 Severity: MEDIUM |
An input validation issue was addressed with improved input validation. This issue is fixed in iTunes 12.11.3 for Windows, iCloud for Windows 12.3, macOS Big Sur 11.3, Safari 14.1, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may lead to a cross site scripting attack. Apple iTunes is a set of media player applications of Apple (Apple), which is mainly used for playing and managing digital music and video files. A cross-site scripting vulnerability exists in versions of iTunes prior to 12.11.3 due to insufficient sanitization of user-supplied data.
CVE-2021-30661: yangkang(@dnpushme) of 360 ATA
Additional recognition
AirDrop
We would like to acknowledge @maxzks for their assistance.
CoreAudio
We would like to acknowledge an anonymous researcher for their
assistance.
CoreCrypto
We would like to acknowledge Andy Russon of Orange Group for their
assistance.
File Bookmark
We would like to acknowledge an anonymous researcher for their
assistance.
Foundation
We would like to acknowledge CodeColorist of Ant-Financial LightYear
Labs for their assistance.
Kernel
We would like to acknowledge Antonio Frighetto of Politecnico di
Milano, GRIMM, Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng,
Youjun Huang, Haixin Duan, Mikko Kenttälä ( @Turmio_ ) of SensorFu,
Proteas, and Tielei Wang of Pangu Lab for their assistance.
Security
We would like to acknowledge Xingwei Lin of Ant Security Light-Year
Lab and john (@nyan_satan) for their assistance.
sysdiagnose
We would like to acknowledge Tim Michaud (@TimGMichaud) of Leviathan
for their assistance.
WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla for
their assistance.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-04-26-2 macOS Big Sur 11.3
macOS Big Sur 11.3 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212325.
APFS
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1853: Gary Nield of ECSC Group plc and Tim
Michaud(@TimGMichaud) of Zoom Video Communications
AppleMobileFileIntegrity
Available for: macOS Big Sur
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An issue in code signature validation was addressed with
improved checks.
CVE-2021-1849: Siguza
Apple Neural Engine
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu(吴潍浠) of Ant Group
Tianqiong Security Lab
Archive Utility
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-1810: an anonymous researcher
Audio
Available for: macOS Big Sur
Impact: An application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab
CFNetwork
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1857: an anonymous researcher
CoreAudio
Available for: macOS Big Sur
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: macOS Big Sur
Impact: A malicious application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab
CoreFoundation
Available for: macOS Big Sur
Impact: A malicious application may be able to leak sensitive user
information
Description: A validation issue was addressed with improved logic.
CVE-2021-30659: Thijs Alkemade of Computest
CoreGraphics
Available for: macOS Big Sur
Impact: Opening a maliciously crafted file may lead to unexpected
application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1847: Xuwei Liu of Purdue University
CoreText
Available for: macOS Big Sur
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab
curl
Available for: macOS Big Sur
Impact: An attacker may provide a fraudulent OCSP response that would
appear valid
Description: This issue was addressed with improved checks.
CVE-2020-8286: an anonymous researcher
curl
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A buffer overflow was addressed with improved input
validation.
CVE-2020-8285: xnynx
DiskArbitration
Available for: macOS Big Sur
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A permissions issue existed in DiskArbitration. This was
addressed with additional ownership checks.
CVE-2021-1784: Mikko Kenttälä (@Turmio_) of SensorFu, Csaba Fitzl
(@theevilbit) of Offensive Security, and an anonymous researcher
FaceTime
Available for: macOS Big Sur
Impact: Muting a CallKit call while ringing may not result in mute
being enabled
Description: A logic issue was addressed with improved state
management.
CVE-2021-1872: Siraj Zaneer of Facebook
FontParser
Available for: macOS Big Sur
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security
Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi
(@hjy79425575) of Qihoo 360
Foundation
Available for: macOS Big Sur
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)
Foundation
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A validation issue was addressed with improved logic.
CVE-2021-1813: Cees Elzinga
Heimdal
Available for: macOS Big Sur
Impact: Processing maliciously crafted server messages may lead to
heap corruption
Description: This issue was addressed with improved checks.
CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: A race condition was addressed with improved locking.
CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-1880: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30653: Ye Zhang of Baidu Security
CVE-2021-1814: Ye Zhang of Baidu Security, Mickey Jin & Qi Sun of
Trend Micro, and Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1843: Ye Zhang of Baidu Security
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1885: CFF of Topsec Alpha Team
ImageIO
Available for: macOS Big Sur
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1858: Mickey Jin of Trend Micro
Installer
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: This issue was addressed with improved handling of file
metadata.
CVE-2021-30658: Wojciech Reguła (@_r3ggi) of SecuRing
Intel Graphics Driver
Available for: macOS Big Sur
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1841: Jack Dates of RET2 Systems, Inc.
CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day
Initiative
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to disclose kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1860: @0xalsr
Kernel
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Kernel
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1851: @0xalsr
Kernel
Available for: macOS Big Sur
Impact: Copied files may not have the expected file permissions
Description: The issue was addressed with improved permissions logic.
CVE-2021-1832: an anonymous researcher
Kernel
Available for: macOS Big Sur
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30660: Alex Plaskett
libxpc
Available for: macOS Big Sur
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2021-30652: James Hutchins
libxslt
Available for: macOS Big Sur
Impact: Processing a maliciously crafted file may lead to heap
corruption
Description: A double free issue was addressed with improved memory
management.
CVE-2021-1875: Found by OSS-Fuzz
Login Window
Available for: macOS Big Sur
Impact: A malicious application with root privileges may be able to
access private information
Description: This issue was addressed with improved entitlements.
CVE-2021-1824: Wojciech Reguła (@_r3ggi) of SecuRing
Notes
Available for: macOS Big Sur
Impact: Locked Notes content may have been unexpectedly unlocked
Description: A logic issue was addressed with improved state
management.
CVE-2021-1859: Syed Ali Shuja (@SyedAliShuja) of Colour King Pvt. Ltd
NSRemoteView
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1876: Matthew Denton of Google Chrome
Preferences
Available for: macOS Big Sur
Impact: A local user may be able to modify protected parts of the
file system
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Safari
Available for: macOS Big Sur
Impact: A malicious website may be able to track users by setting
state in a cache
Description: An issue existed in determining cache occupancy.
CVE-2021-1861: Konstantinos Solomos of University of Illinois at
Chicago
Safari
Available for: macOS Big Sur
Impact: A malicious website may be able to force unnecessary network
connections to fetch its favicon
Description: A logic issue was addressed with improved state
management.
CVE-2021-1855: Håvard Mikkelsen Ottestad of HASMAC AS
SampleAnalysis
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1868: Tim Michaud of Zoom Communications
smbx
Available for: macOS Big Sur
Impact: An attacker in a privileged network position may be able to
leak sensitive user information
Description: An integer overflow was addressed with improved input
validation.
CVE-2021-1878: Aleksandar Nikolic of Cisco Talos
(talosintelligence.com)
System Preferences
Available for: macOS Big Sur
Impact: A malicious application may bypass Gatekeeper checks
Description: A logic issue was addressed with improved state
management.
CVE-2021-30657: an anonymous researcher
tcpdump
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2020-8037: an anonymous researcher
Time Machine
Available for: macOS Big Sur
Impact: A local attacker may be able to elevate their privileges
Description: The issue was addressed with improved permissions logic.
CVE-2021-1825: Alex Camboe of Aon’s Cyber Solutions
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1826: an anonymous researcher
WebKit
Available for: macOS Big Sur
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory initialization issue was addressed with
improved memory handling. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30661: yangkang(@dnpushme) of 360 ATA
WebRTC
Available for: macOS Big Sur
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-7463: Megan2013678
Wi-Fi
Available for: macOS Big Sur
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
Wi-Fi
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-1829: Tielei Wang of Pangu Lab
Wi-Fi
Available for: macOS Big Sur
Impact: An application may be able to execute arbitrary code with
system privileges
Description: The issue was addressed with improved permissions logic.
CVE-2021-30655: Gary Nield of ECSC Group plc and Tim
Michaud(@TimGMichaud) of Zoom Video Communications and Wojciech
Reguła (@_r3ggi) of SecuRing
Windows Server
Available for: macOS Big Sur
Impact: A malicious application may be able to unexpectedly leak a
user's credentials from secure text fields
Description: An API issue in Accessibility TCC permissions was
addressed with improved state management.
CVE-2021-1873: an anonymous researcher
Installation note:
This update may be obtained from the Mac App Store or
Apple's Software Downloads web site:
https://support.apple.com/downloads/
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO0UACgkQZcsbuWJ6
jjA/XA/7BDDpbLo0btLbUrps6ELmcqFZhpvhuekw8Yd3jVeJihLcJGJpY38ZCcne
srCJHuXPzlk3ex0bVkKNRrB04xF0vCA4TEBsJ495754PAKWrxmlx0Ce8zg4h+ey/
cMTaUgfB1sgOFO8kJCKJurCjhyQ3Xj5c5xa8/zxlKoAgI36PmhZsCoXC6KD+5mqn
QCRF0kE/y0QSfsq13j4grLGMXLS4pkAJRMWvDiEliYDTw3pOul7ZDOwxLEyucVTv
fE60H7ff7jfPbDcQ4yEgEbla40+YZYwl9Sv4zxIU2OBPva6HLbA+PXxk4F1QX7eA
ECrfycMSIbQKZ2phryENZCcrX5DN4M/VcGIHq4ujF2CXBJymSWV0O5k5K0GzZ0Ko
T2Zr2LOOunvHGrYy0okholNYb0iMA09dvwuDdEGr+vhLZhq1BBbmThhNEnArl7mE
/fx2bvaS3o8TxGuh7mbeFK9q5Tafxe5Qhwgz9pnAtqBC8z1NgQoetk9pKPNDIsNY
t3/7Xcix+fs28YOjmxPTpntud0EGSjxXm4g0bDbsU922iV1Z3ncgOvd//IzPXniS
v4IqR/gPbhg+c2CGoaezD91sE5onLuMmFCogkUyftGHnN0EueKMjI+3fmyG4l4d1
0C3to6hKJNmTm56RgxwfVVOeVnsPF490s9LUYzO4ZUbaQHIuDfo=
=9+Ju
-----END PGP SIGNATURE-----
.
Accessibility
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
access notes from the lock screen
Description: This issue was addressed with improved checks.
CVE-2021-1835: videosdebarraquito
App Store
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in a privileged network position may be able to
alter network traffic
Description: A certificate validation issue was addressed.
CVE-2021-1849: Siguza
Assets
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to create or modify privileged files
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1822: Bruno Virlet of The Grizzly Labs
Password Manager
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user's password may be visible on screen
Description: An issue obscuring passwords in screenshots was
addressed with improved logic.
CVE-2021-1807: David Schütz (@xdavidhu)
Shortcuts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may allow shortcuts to access restricted files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1868: Tim Michaud of Zoom Communications
Telephony
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A legacy cellular network can automatically answer an
incoming call when an ongoing call ends or drops.
CVE-2021-1854: Steven Thorne of Cspire
Wallet
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to view sensitive information in the
app switcher
Description: The issue was addressed with improved UI handling.
CVE-2020-7463: Megan2013678
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Gentoo Linux Security Advisory GLSA 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
https://security.gentoo.org/
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Severity: High
Title: WebkitGTK+: Multiple vulnerabilities
Date: February 01, 2022
Bugs: #779175, #801400, #813489, #819522, #820434, #829723,
#831739
ID: 202202-01
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Synopsis
=======
Multiple vulnerabilities have been found in WebkitGTK+, the worst of
which could result in the arbitrary execution of code.
Background
=========
WebKitGTK+ is a full-featured port of the WebKit rendering engine,
suitable for projects requiring any kind of web integration, from hybrid
HTML/CSS applications to full-fledged web browsers.
Affected packages
================
-------------------------------------------------------------------
Package / Vulnerable / Unaffected
-------------------------------------------------------------------
1 net-libs/webkit-gtk < 2.34.4 >= 2.34.4
Description
==========
Multiple vulnerabilities have been discovered in WebkitGTK+. Please
review the CVE identifiers referenced below for details.
Workaround
=========
There is no known workaround at this time.
Resolution
=========
All WebkitGTK+ users should upgrade to the latest version:
# emerge --sync
# emerge --ask --oneshot --verbose ">=net-libs/webkit-gtk-2.34.4"
References
=========
[ 1 ] CVE-2021-30848
https://nvd.nist.gov/vuln/detail/CVE-2021-30848
[ 2 ] CVE-2021-30888
https://nvd.nist.gov/vuln/detail/CVE-2021-30888
[ 3 ] CVE-2021-30682
https://nvd.nist.gov/vuln/detail/CVE-2021-30682
[ 4 ] CVE-2021-30889
https://nvd.nist.gov/vuln/detail/CVE-2021-30889
[ 5 ] CVE-2021-30666
https://nvd.nist.gov/vuln/detail/CVE-2021-30666
[ 6 ] CVE-2021-30665
https://nvd.nist.gov/vuln/detail/CVE-2021-30665
[ 7 ] CVE-2021-30890
https://nvd.nist.gov/vuln/detail/CVE-2021-30890
[ 8 ] CVE-2021-30661
https://nvd.nist.gov/vuln/detail/CVE-2021-30661
[ 9 ] WSA-2021-0005
https://webkitgtk.org/security/WSA-2021-0005.html
[ 10 ] CVE-2021-30761
https://nvd.nist.gov/vuln/detail/CVE-2021-30761
[ 11 ] CVE-2021-30897
https://nvd.nist.gov/vuln/detail/CVE-2021-30897
[ 12 ] CVE-2021-30823
https://nvd.nist.gov/vuln/detail/CVE-2021-30823
[ 13 ] CVE-2021-30734
https://nvd.nist.gov/vuln/detail/CVE-2021-30734
[ 14 ] CVE-2021-30934
https://nvd.nist.gov/vuln/detail/CVE-2021-30934
[ 15 ] CVE-2021-1871
https://nvd.nist.gov/vuln/detail/CVE-2021-1871
[ 16 ] CVE-2021-30762
https://nvd.nist.gov/vuln/detail/CVE-2021-30762
[ 17 ] WSA-2021-0006
https://webkitgtk.org/security/WSA-2021-0006.html
[ 18 ] CVE-2021-30797
https://nvd.nist.gov/vuln/detail/CVE-2021-30797
[ 19 ] CVE-2021-30936
https://nvd.nist.gov/vuln/detail/CVE-2021-30936
[ 20 ] CVE-2021-30663
https://nvd.nist.gov/vuln/detail/CVE-2021-30663
[ 21 ] CVE-2021-1825
https://nvd.nist.gov/vuln/detail/CVE-2021-1825
[ 22 ] CVE-2021-30951
https://nvd.nist.gov/vuln/detail/CVE-2021-30951
[ 23 ] CVE-2021-30952
https://nvd.nist.gov/vuln/detail/CVE-2021-30952
[ 24 ] CVE-2021-1788
https://nvd.nist.gov/vuln/detail/CVE-2021-1788
[ 25 ] CVE-2021-1820
https://nvd.nist.gov/vuln/detail/CVE-2021-1820
[ 26 ] CVE-2021-30953
https://nvd.nist.gov/vuln/detail/CVE-2021-30953
[ 27 ] CVE-2021-30749
https://nvd.nist.gov/vuln/detail/CVE-2021-30749
[ 28 ] CVE-2021-30849
https://nvd.nist.gov/vuln/detail/CVE-2021-30849
[ 29 ] CVE-2021-1826
https://nvd.nist.gov/vuln/detail/CVE-2021-1826
[ 30 ] CVE-2021-30836
https://nvd.nist.gov/vuln/detail/CVE-2021-30836
[ 31 ] CVE-2021-30954
https://nvd.nist.gov/vuln/detail/CVE-2021-30954
[ 32 ] CVE-2021-30984
https://nvd.nist.gov/vuln/detail/CVE-2021-30984
[ 33 ] CVE-2021-30851
https://nvd.nist.gov/vuln/detail/CVE-2021-30851
[ 34 ] CVE-2021-30758
https://nvd.nist.gov/vuln/detail/CVE-2021-30758
[ 35 ] CVE-2021-42762
https://nvd.nist.gov/vuln/detail/CVE-2021-42762
[ 36 ] CVE-2021-1844
https://nvd.nist.gov/vuln/detail/CVE-2021-1844
[ 37 ] CVE-2021-30689
https://nvd.nist.gov/vuln/detail/CVE-2021-30689
[ 38 ] CVE-2021-45482
https://nvd.nist.gov/vuln/detail/CVE-2021-45482
[ 39 ] CVE-2021-30858
https://nvd.nist.gov/vuln/detail/CVE-2021-30858
[ 40 ] CVE-2021-21779
https://nvd.nist.gov/vuln/detail/CVE-2021-21779
[ 41 ] WSA-2021-0004
https://webkitgtk.org/security/WSA-2021-0004.html
[ 42 ] CVE-2021-30846
https://nvd.nist.gov/vuln/detail/CVE-2021-30846
[ 43 ] CVE-2021-30744
https://nvd.nist.gov/vuln/detail/CVE-2021-30744
[ 44 ] CVE-2021-30809
https://nvd.nist.gov/vuln/detail/CVE-2021-30809
[ 45 ] CVE-2021-30884
https://nvd.nist.gov/vuln/detail/CVE-2021-30884
[ 46 ] CVE-2021-30720
https://nvd.nist.gov/vuln/detail/CVE-2021-30720
[ 47 ] CVE-2021-30799
https://nvd.nist.gov/vuln/detail/CVE-2021-30799
[ 48 ] CVE-2021-30795
https://nvd.nist.gov/vuln/detail/CVE-2021-30795
[ 49 ] CVE-2021-1817
https://nvd.nist.gov/vuln/detail/CVE-2021-1817
[ 50 ] CVE-2021-21775
https://nvd.nist.gov/vuln/detail/CVE-2021-21775
[ 51 ] CVE-2021-30887
https://nvd.nist.gov/vuln/detail/CVE-2021-30887
[ 52 ] CVE-2021-21806
https://nvd.nist.gov/vuln/detail/CVE-2021-21806
[ 53 ] CVE-2021-30818
https://nvd.nist.gov/vuln/detail/CVE-2021-30818
Availability
===========
This GLSA and any updates to it are available for viewing at
the Gentoo Security Website:
https://security.gentoo.org/glsa/202202-01
Concerns?
========
Security is a primary focus of Gentoo Linux and ensuring the
confidentiality and security of our users' machines is of utmost
importance to us. Any security concerns should be addressed to
security@gentoo.org or alternatively, you may file a bug at
https://bugs.gentoo.org.
License
======
Copyright 2022 Gentoo Foundation, Inc; referenced text
belongs to its owner(s).
The contents of this document are licensed under the
Creative Commons - Attribution / Share Alike license.
https://creativecommons.org/licenses/by-sa/2.5
| VAR-202109-0277 | CVE-2021-1811 | Apple iTunes Buffer error vulnerability |
CVSS V2: 4.3 CVSS V3: 6.5 Severity: MEDIUM |
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted font may result in the disclosure of process memory. Apple iTunes is a set of media player applications of Apple (Apple), which is mainly used for playing and managing digital music and video files. There is a buffer error vulnerability in versions prior to iTunes 12.11.3. This was
addressed with additional ownership checks.
CVE-2021-1805: ABC Research s.r.o.
CVE-2021-1806: ABC Research s.r.o.
CVE-2021-1834: ABC Research s.r.o.
CVE-2021-30661: yangkang(@dnpushme) of 360 ATA
Additional recognition
AirDrop
We would like to acknowledge @maxzks for their assistance.
CoreAudio
We would like to acknowledge an anonymous researcher for their
assistance.
CoreCrypto
We would like to acknowledge Andy Russon of Orange Group for their
assistance.
File Bookmark
We would like to acknowledge an anonymous researcher for their
assistance.
Foundation
We would like to acknowledge CodeColorist of Ant-Financial LightYear
Labs for their assistance.
Kernel
We would like to acknowledge Antonio Frighetto of Politecnico di
Milano, GRIMM, Keyu Man, Zhiyun Qian, Zhongjie Wang, Xiaofeng Zheng,
Youjun Huang, Haixin Duan, Mikko Kenttälä ( @Turmio_ ) of SensorFu,
Proteas, and Tielei Wang of Pangu Lab for their assistance.
Security
We would like to acknowledge Xingwei Lin of Ant Security Light-Year
Lab and john (@nyan_satan) for their assistance.
sysdiagnose
We would like to acknowledge Tim Michaud (@TimGMichaud) of Leviathan
for their assistance.
WebKit
We would like to acknowledge Emilio Cobos Álvarez of Mozilla for
their assistance.
Alternatively, on your watch, select "My Watch > General > About". -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-04-26-1 iOS 14.5 and iPadOS 14.5
iOS 14.5 and iPadOS 14.5 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212317.
Accessibility
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
access notes from the lock screen
Description: This issue was addressed with improved checks.
CVE-2021-1835: videosdebarraquito
App Store
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in a privileged network position may be able to
alter network traffic
Description: A certificate validation issue was addressed.
CVE-2021-1837: Aapo Oksman of Nixu Cybersecurity
Apple Neural Engine
Available for: iPhone 8 and later, iPad Pro (3rd generation) and
later, and iPad Air (3rd generation) and later
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1867: Zuozhi Fan (@pattern_F_) and Wish Wu (吴潍浠) of Ant
Group Tianqiong Security Lab
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to bypass Privacy
preferences
Description: An issue in code signature validation was addressed with
improved checks.
CVE-2021-1849: Siguza
Assets
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to create or modify privileged files
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1836: an anonymous researcher
Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab
CFNetwork
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may disclose
sensitive user information
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1857: an anonymous researcher
CoreAudio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1846: JunDong Xie of Ant Security Light-Year Lab
CoreAudio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to read restricted memory
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab
CoreFoundation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user
information
Description: A validation issue was addressed with improved logic.
CVE-2021-30659: Thijs Alkemade of Computest
CoreText
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: A logic issue was addressed with improved state
management.
CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Muting a CallKit call while ringing may not result in mute
being enabled
Description: A logic issue was addressed with improved state
management.
CVE-2021-1872: Siraj Zaneer of Facebook
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted font file may lead to
arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1881: an anonymous researcher, Xingwei Lin of Ant Security
Light-Year Lab, Mickey Jin of Trend Micro, and Hou JingYi
(@hjy79425575) of Qihoo 360
Foundation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to gain elevated privileges
Description: A memory corruption issue was addressed with improved
validation.
CVE-2021-1882: Gabe Kirkpatrick (@gabe_k)
Foundation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to gain root privileges
Description: A validation issue was addressed with improved logic.
CVE-2021-1813: Cees Elzinga
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to determine kernel
memory layout
Description: An access issue was addressed with improved memory
management.
CVE-2021-30656: Justin Sherman of University of Maryland, Baltimore
County
Heimdal
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted server messages may lead to
heap corruption
Description: This issue was addressed with improved checks.
CVE-2021-1883: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: A race condition was addressed with improved locking.
CVE-2021-1884: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-1885: CFF of Topsec Alpha Team
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30653: Ye Zhang of Baidu Security
CVE-2021-1843: Ye Zhang of Baidu Security
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-1858: Mickey Jin of Trend Micro
iTunes Store
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker with JavaScript execution may be able to execute
arbitrary code
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-1864: CodeColorist of Ant-Financial LightYear Labs
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to read kernel memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-1877: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CVE-2021-1852: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CVE-2021-1830: Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1874: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong
Security Lab
CVE-2021-1851: @0xalsr
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to disclose kernel memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1860: @0xalsr
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A buffer overflow was addressed with improved bounds
checking.
CVE-2021-1816: Tielei Wang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Copied files may not have the expected file permissions
Description: The issue was addressed with improved permissions logic.
CVE-2021-1832: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30660: Alex Plaskett
libxpc
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to gain root privileges
Description: A race condition was addressed with additional
validation.
CVE-2021-30652: James Hutchins
libxslt
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted file may lead to heap
corruption
Description: A double free issue was addressed with improved memory
management.
CVE-2021-1875: Found by OSS-Fuzz
MobileInstallation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to modify protected parts of the
file system
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1822: Bruno Virlet of The Grizzly Labs
Password Manager
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user's password may be visible on screen
Description: An issue obscuring passwords in screenshots was
addressed with improved logic.
CVE-2021-1865: Shibin B Shaji of UST
Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to modify protected parts of the
file system
Description: A parsing issue in the handling of directory paths was
addressed with improved path validation.
CVE-2021-1815: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
CVE-2021-1740: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Safari
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to write arbitrary files
Description: A validation issue was addressed with improved input
sanitization.
CVE-2021-1807: David Schütz (@xdavidhu)
Shortcuts
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may allow shortcuts to access restricted files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1831: Bouke van der Bijl
Tailspin
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-1868: Tim Michaud of Zoom Communications
Telephony
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A legacy cellular network can automatically answer an
incoming call when an ongoing call ends or drops.
CVE-2021-1854: Steven Thorne of Cspire
Wallet
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to view sensitive information in the
app switcher
Description: The issue was addressed with improved UI handling.
CVE-2021-1848: Bradley D’Amato of ActionIQ
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to a
cross site scripting attack
Description: An input validation issue was addressed with improved
input validation.
CVE-2021-1825: Alex Camboe of Aon’s Cyber Solutions
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-1817: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved restrictions.
CVE-2021-1826: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may result in the
disclosure of process memory
Description: A memory initialization issue was addressed with
improved memory handling.
CVE-2021-1820: an anonymous researcher
WebKit Storage
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution. Apple is aware of a report that this issue
may have been actively exploited.
CVE-2021-30661: yangkang(@dnpushme) of 360 ATA
WebRTC
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected system
termination or corrupt kernel memory
Description: A use after free issue was addressed with improved
memory management.
CVE-2020-7463: Megan2013678
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About
* The version after applying this update will be "14.5"
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHOzAACgkQZcsbuWJ6
jjAaUw/+LVyzY07R4wF0TVOLZ1Svkt/cfR69bliLBa+IN5qIzkeTkdnCWVsvWPem
F21wTHb9Z/GH8XVakyUwVwE2NAIw0X8iQcM3Z+fwCdNSwuQuItsWH4BS29JT7COA
23X3KxDtI0WwB3uYAB6VuotYSRR9DakU9jaPEfJw8lnmbV8CMxn33lPxy/PH2IHq
z37xC6wIGiEjZKiWyMa4MY5CXWitceljB1NLYO6+o7AcyHtLZggIoka+Z3kfHIym
Bgj0tRnMULdZJx7zTPGKCHVUkQ564+Gmfji6ZjR+U+3JmjupkcM/j61a/2Bx6m/R
3l9XWs6eut+6FDYZUzmn5VPbDDvEGzw4r8cHY6n4iHjuoIOU1pbi1r1GlyVMN3F0
osw2+kkCKgUEtZjqZCp1jcZJZ0LYKQDQmQc5PWkMPAiIfLtAJ5PPSPOcpPwtXdNv
ymPeaP7HCR35qCzY/zM8NVUNtPeWDRG/BjHpwwY7GZsv8oltzF1GgGVjo7v9kASg
w4Fkq9UTTfHi1lA76vx8//hVkBvaZUlKwv+IWwObiUx8X3YtkxlGUKJpirSL4JeD
ne52T7f3Ob1lf9QJCSzPDE7US8dkh3UgSRKGHeiDTNOiP2qG5DUEswUCiIKSbL36
FepQeQ087BUYLyw3VLl1K/yM8dNwpq/RbFSv/BJaoUu5ZEaUaGs=
=7c10
-----END PGP SIGNATURE-----
| VAR-202104-2017 | No CVE | Feiyuxing next-generation firewall security gateway has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Chengdu Feiyuxing Technology Co., Ltd. serves enterprise, commercial and home users, providing intelligent and easy-to-use network communication management equipment and innovative technology value-added services.
Feiyuxing's next-generation firewall security gateway has weak password vulnerabilities. The attacker uses the default weak password to log in to the background to obtain sensitive information.
| VAR-202104-2021 | No CVE | 3Com OfficeConnect ADSL Wireless 11g Firewall Router has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
3Com OfficeConnect ADSL Wireless 11g Firewall Router is a firewall router.
3Com OfficeConnect ADSL Wireless 11g Firewall Router has a weak password vulnerability. The attacker uses the default weak password to log in to the router management background to obtain sensitive information.
| VAR-202104-2081 | No CVE | Ruijie Cloud Classroom host has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks Co., Ltd. is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, and storage.
The Ruijie Cloud Classroom host has a weak password vulnerability. Attackers use this vulnerability to log in to the background to obtain sensitive information.
| VAR-202104-2085 | No CVE | RG-UAC Ruijie unified online behavior management and audit system has XSS vulnerabilities |
CVSS V2: 6.4 CVSS V3: - Severity: MEDIUM |
Ruijie Networks Co., Ltd. is a company that uses new technologies such as cloud computing, SDN, mobile internet, big data, and the Internet of Things to provide end-to-end solutions for users in various industries.
RG-UAC Ruijie's unified online behavior management and audit system has XSS vulnerabilities. Attackers can use this vulnerability to obtain sensitive information such as user cookies.
| VAR-202104-2045 | No CVE | Taiwan Broadband Communications Consulting Co., Ltd. Device Name has a weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Taiwan Broadband Communication Co., Ltd. (Taiwan Broadband Communication) provides high-quality channels and CABLE Internet services.
The Device Name of Taiwan Broadband Communications Consulting Co., Ltd. has a weak password vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202104-2020 | No CVE | Ruijie NBR router has unauthorized access vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks Co., Ltd. is a company mainly engaged in information system integration services; Internet virtual private network services; Internet management services.
Ruijie Networks NBR router has an unauthorized access vulnerability. Attackers can use this vulnerability to obtain sensitive information.
| VAR-202104-2022 | No CVE | Ruijie Networks RG-UAC device has weak password vulnerability |
CVSS V2: 5.0 CVSS V3: - Severity: MEDIUM |
Ruijie Networks Co., Ltd. is a professional network manufacturer with a full range of network equipment product lines and solutions including switches, routers, software, security firewalls, wireless products, and storage.
Ruijie Networks RG-UAC equipment has a weak password vulnerability. Attackers use this vulnerability to log in to the background of the device to obtain sensitive information.