VARIoT IoT vulnerabilities database

A vulnerability in the certificate registration process of Cisco Unified Computing System (UCS) Central Software could allow an authenticated, adjacent attacker to register a rogue Cisco Unified Computing System Manager (UCSM). This vulnerability is due to improper certificate validation. An attacker could exploit this vulnerability by sending a crafted HTTP request to the registration API. A successful exploit could allow the attacker to register a rogue Cisco UCSM and gain access to Cisco UCS Central Software data and Cisco UCSM inventory data. The software supports management of multiple Cisco UCS instances or domains in different locations and environments. Up to 10,000 Cisco UCS servers (blade, rack, and mini) and Cisco HyperFlex systems can be supported using the software

Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco IOS XR The software contains a resource management vulnerability.Denial of service (DoS) It may be put into a state. The vulnerability is due to a logic error that occurs when affected devices process Telnet protocol packets. An attacker could exploit this vulnerability by sending a specific stream of packets to an affected device. A successful exploit could allow an attacker to crash the enf_broker process, which could lead to system instability and the inability to process or forward traffic through the affected device

Multiple vulnerabilities in the ingress packet processing function of Cisco IOS XR Software could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. For more information about these vulnerabilities, see the Details section of this advisory. Cisco IOS XR The software contains a resource management vulnerability.Denial of service (DoS) It may be put into a state. The vulnerability is caused by the software's incorrect allocation of resources, and an attacker can exploit this vulnerability by sending a specific packet stream to the affected device. Successful exploitation of this vulnerability could allow an attacker to cause the enf_broker process to leak system memory. Over time, this memory leak could cause the enf_broker process to crash, potentially causing system instability and the inability to process or forward traffic through the affected device

A vulnerability in the user interface of Cisco Webex Meetings and Cisco Webex Meetings Server Software could allow an authenticated, remote attacker to inject a hyperlink into a meeting invitation email. The vulnerability is due to insufficient input validation. An attacker could exploit this vulnerability by entering a URL into a field in the user interface. A successful exploit could allow the attacker to generate a Webex Meetings invitation email that contains a link to a destination of their choosing. Because this email is sent from a trusted source, the recipient may be more likely to click the link. Cisco WebEx Meetings Server (CWMS) is a set of multi-functional conference solutions including audio, video and Web conference in Cisco's WebEx conference solution

A vulnerability in the CLI parser of Cisco IOS XR Software could allow an authenticated, local attacker to view more information than their privileges allow. The vulnerability is due to insufficient application of restrictions during the execution of a specific command. An attacker could exploit this vulnerability by using a specific command at the command line. A successful exploit could allow the attacker to obtain sensitive information within the configuration that otherwise might not have been accessible beyond the privileges of the invoking user. Cisco IOS XR is an operating system developed by Cisco for its network equipment

A vulnerability in the Local Packet Transport Services (LPTS) programming of the SNMP with the management plane protection feature of Cisco IOS XR Software could allow an unauthenticated, remote attacker to allow connections despite the management plane protection that is configured to deny access to the SNMP server of an affected device. This vulnerability is due to incorrect LPTS programming when using SNMP with management plane protection. An attacker could exploit this vulnerability by connecting to an affected device using SNMP. A successful exploit could allow the attacker to connect to the device on the configured SNMP ports. Valid credentials are required to execute any of the SNMP requests. Cisco IOS XR The software contains a vulnerability related to access control.Information may be tampered with

There is an improper permission assignment vulnerability in Huawei ManageOne product. Due to improper security hardening, the process can run with a higher privilege. Successful exploit could allow certain users to do certain operations with improper permissions. Affected product versions include: ManageOne versions 8.0.0, 8.0.1. Huawei ManageOne Is vulnerable to incorrect default permissions.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Huawei Manageone is a set of cloud data center management solutions of China Huawei (Huawei). The product supports unified management of heterogeneous cloud resource pools, and provides functions such as multi-level VDC matching customer organization model, service catalog planning, self-service, centralized alarm analysis, and intelligent operation and maintenance. Huawei ManageOne could allow a remote authenticated malicious user to gain elevated privileges on the system, caused by improper permission assignment vulnerability

A vulnerability in the REST API of Cisco Managed Services Accelerator (MSX) could allow an authenticated, remote attacker to cause a denial of service (DoS) condition on an affected device. The vulnerability is due to the way that the affected software logs certain API requests. An attacker could exploit this vulnerability by sending a flood of crafted API requests to an affected device. A successful exploit could allow the attacker to cause a DoS condition on the affected device

UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with root privileges using chroothole_client's PHP call, a related issue to CVE-2017-11322. Ucopia Express is a device used to manage Wifi from Ucopia, a French company

UCOPIA Wi-Fi appliances 6.0.5 allow authenticated remote attackers to escape the restricted administration shell CLI, and access a shell with admin user rights, via an unprotected less command

UCOPIA Wi-Fi appliances 6.0.5 allow arbitrary code execution with admin user privileges via an escape from a restricted command

D-Link DNS-320 FW v2.06B01 Revision Ax is affected by command injection in the system_mgr.cgi component, which can lead to remote arbitrary code execution. D-Link DNS-320 is a NAS (Network Attached Storage) device produced by D-Link in Taiwan. No detailed vulnerability details are currently provided

The D-Link DSR-250 (3.14) DSR-1000N (2.11B201) UPnP service contains a command injection vulnerability, which can cause remote command execution. D-link DSR-250 is a unified service router

The administration web interface on Belkin Linksys WRT160NL 1.0.04.002_US_20130619 devices allows remote authenticated attackers to execute system commands with root privileges via shell metacharacters in the ui_language POST parameter to the apply.cgi form endpoint. This occurs in do_upgrade_post in mini_httpd. NOTE: This vulnerability only affects products that are no longer supported by the maintaine. Belkin Linksys WRT160NL The device has OS A command injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put into a state. Belkin LINKSYS WRT160NL is a wireless router manufactured by Belkin, USA. Belkin Linksys WRT160NL 1.0.04.002_US_20130619 has a security vulnerability, which stems from the failure to properly filter special characters and commands

Rockwell Automation MicroLogix 1400 Version 21.6 and below may allow a remote unauthenticated attacker to send a specially crafted Modbus packet allowing the attacker to retrieve or modify random values in the register. If successfully exploited, this may lead to a buffer overflow resulting in a denial-of-service condition. The FAULT LED will flash RED and communications may be lost. Recovery from denial-of-service condition requires the fault to be cleared by the user. Rockwell Automation Provided by the company MicroLogix 1400 Received Modbus Buffer overflow vulnerability due to packet processing (CWE-120) Exists. As a result, a buffer overflow occurs, and FAULT LED Flashes red and communication may be lost.Service operation obstruction by a remote third party (DoS) You may be attacked. Micrologix 1400 is a programmable logic controller introduced by Rockwell Automation

There is insecure algorithm vulnerability in Huawei products. A module uses less random input in a secure mechanism. Attackers can exploit this vulnerability by brute forcing to obtain sensitive message. This can lead to information leak. Affected product versions include:USG9500 versions V500R001C30SPC200, V500R001C60SPC500,V500R005C00SPC200;USG9520 versions V500R005C00;USG9560 versions V500R005C00;USG9580 versions V500R005C00. plural Huawei The product contains vulnerabilities in the use of cryptographic algorithms.Information may be obtained. Huawei USG9500, Huawei USG9520, Huawei USG9560, and Huawei USG9580 could allow a remote malicious user to obtain sensitive information, caused by an insecure algorithm

An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. iOS , iPadOS , macOS The product contains a vulnerability related to out-of-bounds writes.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ModelIO framework. Crafted data in a USD file can trigger a write past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Apple IO Model is a module of Apple (Apple) for processing IO operations. The Apple IO Model has an Input Validation Error vulnerability, which originates from a boundary error when handling untrusted input in the Model I/O component in macOS. Vulnerabilities exist in the following product or version: macOS Big Sur 11.0.1. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-02-01-2 Additional information for APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4 iOS 14.4 and iPadOS 14.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212146. Analytics Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2021-1761: Cees Elzinga Entry added February 1, 2021 APFS Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local user may be able to read arbitrary files Description: The issue was addressed with improved permissions logic. CVE-2021-1797: Thomas Tempelmann Entry added February 1, 2021 Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1794: Jianjun Dai of 360 Alpha Lab Entry added February 1, 2021 Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1795: Jianjun Dai of 360 Alpha Lab CVE-2021-1796: Jianjun Dai of 360 Alpha Lab Entry added February 1, 2021 Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1780: Jianjun Dai of 360 Alpha Lab Entry added February 1, 2021 CoreAnimation Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed with improved state management. CVE-2021-1760: @S0rryMybad of 360 Vulcan Team Entry added February 1, 2021 CoreAudio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab Entry added February 1, 2021 CoreGraphics Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1776: Ivan Fratric of Google Project Zero Entry added February 1, 2021 CoreMedia Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT Entry added February 1, 2021 CoreText Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A stack overflow was addressed with improved input validation. CVE-2021-1772: Mickey Jin of Trend Micro Entry added February 1, 2021 CoreText Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021 Crash Reporter Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local user may be able to create or modify system files Description: A logic issue was addressed with improved state management. CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security Entry added February 1, 2021 Crash Reporter Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to elevate their privileges Description: Multiple issues were addressed with improved logic. CVE-2021-1787: James Hutchins Entry added February 1, 2021 FairPlay Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro Entry added February 1, 2021 FontParser Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1758: Peter Nguyen of STAR Labs Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2021-1766: Danny Rosseau of Carve Systems Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Qi Sun of Trend Micro CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: An out-of-bounds read issue existed in the curl. CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An access issue was addressed with improved memory management. CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021 IOSkywalkFamily Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to elevate their privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba Security Entry added February 1, 2021 iTunes Store Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted URL may lead to arbitrary javascript code execution Description: A validation issue was addressed with improved input sanitization. CVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs Entry added February 1, 2021 Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause a denial of service Description: A use after free issue was addressed with improved memory management. CVE-2021-1764: Maxime Villard (@m00nbsd) Entry added February 1, 2021 Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple issues were addressed with improved logic. CVE-2021-1750: @0xalsr Entry added February 1, 2021 Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1782: an anonymous researcher Messages Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to leak sensitive user information Description: A privacy issue existed in the handling of Contact cards. CVE-2021-1781: Csaba Fitzl (@theevilbit) of Offensive Security Entry added February 1, 2021 Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-1763: Mickey Jin of Trend Micro Entry added February 1, 2021 Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021 Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021 Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1762: Mickey Jin of Trend Micro Entry added February 1, 2021 Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021 Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1753: Mickey Jin of Trend Micro Entry added February 1, 2021 Phone Keypad Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker with physical access to a device may be able to see private contact information Description: A lock screen issue allowed access to contacts on a locked device. CVE-2021-1756: Ryan Pickren (ryanpickren.com) Entry added February 1, 2021 Swift Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A logic issue was addressed with improved validation. CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs Entry added February 1, 2021 WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1788: Francisco Alonso (@revskills) Entry added February 1, 2021 WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved state handling. CVE-2021-1789: @S0rryMybad of 360 Vulcan Team Entry added February 1, 2021 WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Maliciously crafted web content may violate iframe sandboxing policy Description: This issue was addressed with improved iframe sandbox enforcement. CVE-2021-1801: Eliya Stein of Confiant Entry added February 1, 2021 WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1871: an anonymous researcher CVE-2021-1870: an anonymous researcher WebRTC Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed with additional port validation. CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar Entry added February 1, 2021 Additional recognition iTunes Store We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance. Entry added February 1, 2021 Kernel We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of Trend Micro for their assistance. Entry added February 1, 2021 libpthread We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance. Entry added February 1, 2021 Mail We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) and an anonymous researcher for their assistance. Entry added February 1, 2021 Store Demo We would like to acknowledge @08Tc3wBB for their assistance. Entry added February 1, 2021 WebRTC We would like to acknowledge Philipp Hancke for their assistance. Entry added February 1, 2021 Wi-Fi We would like to acknowledge an anonymous researcher for their assistance. Entry added February 1, 2021 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgtAACgkQZcsbuWJ6 jjCK6g//dClC7Zq+dOqvuwvDa1ZMQ/R7pmp9qn2jFQsN41sf3JXSUT5AT2qhkB+W BvfgNl4JEAhdFigcuChzNWjrtQjT30Iqu/mPKF9zh8FRi5Uc0Z+UDAS4QAJcYmBl naDKY9u0SIyzxyvoK2AhfnbgAy7xsICNUiPFIV3sLS20NnKaItd/zBVCsgiMnpXD lXBJJfoJZcKzUxsHVGuh3DU9FgyS0Ypo8EAuZTPT511rco7nAqQ+RY5s8DRZ91Up BWoFQezmVQmxHGA2rwJH+RgSUOUywCNi/xLinAdNq8en4db8UtSmUcQHqaFgybBk bfWN3apPFq7vKCPbW8NI4JPBeP4WhORGH1V2jgJV8DM8Lod/Uh1yJrcZ5a4FxwCO VZKROL2UwE8T3tNYNlYoIr83FKVeMxnYhEP+xSSM3iZGtIflkcO3UtfitJlV0U26 RCavBUyxJV1aqb/3ic/WwLco7jBeOEIUkoZq7djyo8K1LrVSxZvBAUveV+Y2qvz3 UrbdDeTaTqDZ+rgQjOTcMJsvLHwzcrD8DdhgAMt9FAsVZ+dxSsqrMBNxhtc5uRyf bSTDyJc4epsC5S6IrjHaePdnv65tuIjC/JYmBvdshtp5j3aUnJUGWPhWuuhDLIjh oxMn01QVy9KvVSQs3kqot8Ai8e1hXGnzwDUHEqPQLYzEi77v8HU= =WL5N -----END PGP SIGNATURE-----

An input validation issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave. A malicious application may be able to read restricted memory. macOS There is an input validation vulnerability in.Information may be obtained. SUSE Linux Enterprise Desktop is an enterprise server version of Linux desktop operating system of German SUSE company. There is a security vulnerability in SUSE Linux Enterprise Desktop. Attackers can use this vulnerability to forcibly read invalid addresses through the Extension field of CUPS to trigger denial of service or obtain sensitive information. A security issue was found in cups before version 2.3.3op2. A missing length check in the ippReadIO function could lead to a buffer over-read. Bugs fixed (https://bugzilla.redhat.com/): 2030932 - CVE-2021-44228 log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value 5. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ==================================================================== Red Hat Security Advisory Synopsis: Moderate: cups security and bug fix update Advisory ID: RHSA-2021:4393-01 Product: Red Hat Enterprise Linux Advisory URL: https://access.redhat.com/errata/RHSA-2021:4393 Issue date: 2021-11-09 CVE Names: CVE-2020-10001 ==================================================================== 1. Summary: An update for cups is now available for Red Hat Enterprise Linux 8. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. 2. Relevant releases/architectures: Red Hat Enterprise Linux AppStream (v. 8) - aarch64, noarch, ppc64le, s390x, x86_64 Red Hat Enterprise Linux BaseOS (v. 8) - aarch64, ppc64le, s390x, x86_64 3. Description: The Common UNIX Printing System (CUPS) provides a portable printing layer for Linux, UNIX, and similar operating systems. Security Fix(es): * cups: access to uninitialized buffer in ipp.c (CVE-2020-10001) For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Additional Changes: For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.5 Release Notes linked from the References section. 4. Solution: For details on how to apply this update, which includes the changes described in this advisory, refer to: https://access.redhat.com/articles/11258 After installing this update, the cupsd service will be restarted automatically. 5. Bugs fixed (https://bugzilla.redhat.com/): 1782216 - Print queue is paused after ipp backend ends with CUPS_BACKEND_STOP 1921680 - CVE-2020-10001 cups: access to uninitialized buffer in ipp.c 1938384 - CUPS doesn't start if sssd starts after cupsd 1941437 - cupsd doesn't log job ids when logging into journal 1955964 - PreserveJobHistory doesn't work with seconds 6. Package List: Red Hat Enterprise Linux AppStream (v. 8): aarch64: cups-2.2.6-40.el8.aarch64.rpm cups-client-2.2.6-40.el8.aarch64.rpm cups-client-debuginfo-2.2.6-40.el8.aarch64.rpm cups-debuginfo-2.2.6-40.el8.aarch64.rpm cups-debugsource-2.2.6-40.el8.aarch64.rpm cups-devel-2.2.6-40.el8.aarch64.rpm cups-ipptool-2.2.6-40.el8.aarch64.rpm cups-ipptool-debuginfo-2.2.6-40.el8.aarch64.rpm cups-libs-debuginfo-2.2.6-40.el8.aarch64.rpm cups-lpd-2.2.6-40.el8.aarch64.rpm cups-lpd-debuginfo-2.2.6-40.el8.aarch64.rpm noarch: cups-filesystem-2.2.6-40.el8.noarch.rpm ppc64le: cups-2.2.6-40.el8.ppc64le.rpm cups-client-2.2.6-40.el8.ppc64le.rpm cups-client-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-debugsource-2.2.6-40.el8.ppc64le.rpm cups-devel-2.2.6-40.el8.ppc64le.rpm cups-ipptool-2.2.6-40.el8.ppc64le.rpm cups-ipptool-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-libs-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-lpd-2.2.6-40.el8.ppc64le.rpm cups-lpd-debuginfo-2.2.6-40.el8.ppc64le.rpm s390x: cups-2.2.6-40.el8.s390x.rpm cups-client-2.2.6-40.el8.s390x.rpm cups-client-debuginfo-2.2.6-40.el8.s390x.rpm cups-debuginfo-2.2.6-40.el8.s390x.rpm cups-debugsource-2.2.6-40.el8.s390x.rpm cups-devel-2.2.6-40.el8.s390x.rpm cups-ipptool-2.2.6-40.el8.s390x.rpm cups-ipptool-debuginfo-2.2.6-40.el8.s390x.rpm cups-libs-debuginfo-2.2.6-40.el8.s390x.rpm cups-lpd-2.2.6-40.el8.s390x.rpm cups-lpd-debuginfo-2.2.6-40.el8.s390x.rpm x86_64: cups-2.2.6-40.el8.x86_64.rpm cups-client-2.2.6-40.el8.x86_64.rpm cups-client-debuginfo-2.2.6-40.el8.i686.rpm cups-client-debuginfo-2.2.6-40.el8.x86_64.rpm cups-debuginfo-2.2.6-40.el8.i686.rpm cups-debuginfo-2.2.6-40.el8.x86_64.rpm cups-debugsource-2.2.6-40.el8.i686.rpm cups-debugsource-2.2.6-40.el8.x86_64.rpm cups-devel-2.2.6-40.el8.i686.rpm cups-devel-2.2.6-40.el8.x86_64.rpm cups-ipptool-2.2.6-40.el8.x86_64.rpm cups-ipptool-debuginfo-2.2.6-40.el8.i686.rpm cups-ipptool-debuginfo-2.2.6-40.el8.x86_64.rpm cups-libs-debuginfo-2.2.6-40.el8.i686.rpm cups-libs-debuginfo-2.2.6-40.el8.x86_64.rpm cups-lpd-2.2.6-40.el8.x86_64.rpm cups-lpd-debuginfo-2.2.6-40.el8.i686.rpm cups-lpd-debuginfo-2.2.6-40.el8.x86_64.rpm Red Hat Enterprise Linux BaseOS (v. 8): Source: cups-2.2.6-40.el8.src.rpm aarch64: cups-client-debuginfo-2.2.6-40.el8.aarch64.rpm cups-debuginfo-2.2.6-40.el8.aarch64.rpm cups-debugsource-2.2.6-40.el8.aarch64.rpm cups-ipptool-debuginfo-2.2.6-40.el8.aarch64.rpm cups-libs-2.2.6-40.el8.aarch64.rpm cups-libs-debuginfo-2.2.6-40.el8.aarch64.rpm cups-lpd-debuginfo-2.2.6-40.el8.aarch64.rpm ppc64le: cups-client-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-debugsource-2.2.6-40.el8.ppc64le.rpm cups-ipptool-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-libs-2.2.6-40.el8.ppc64le.rpm cups-libs-debuginfo-2.2.6-40.el8.ppc64le.rpm cups-lpd-debuginfo-2.2.6-40.el8.ppc64le.rpm s390x: cups-client-debuginfo-2.2.6-40.el8.s390x.rpm cups-debuginfo-2.2.6-40.el8.s390x.rpm cups-debugsource-2.2.6-40.el8.s390x.rpm cups-ipptool-debuginfo-2.2.6-40.el8.s390x.rpm cups-libs-2.2.6-40.el8.s390x.rpm cups-libs-debuginfo-2.2.6-40.el8.s390x.rpm cups-lpd-debuginfo-2.2.6-40.el8.s390x.rpm x86_64: cups-client-debuginfo-2.2.6-40.el8.i686.rpm cups-client-debuginfo-2.2.6-40.el8.x86_64.rpm cups-debuginfo-2.2.6-40.el8.i686.rpm cups-debuginfo-2.2.6-40.el8.x86_64.rpm cups-debugsource-2.2.6-40.el8.i686.rpm cups-debugsource-2.2.6-40.el8.x86_64.rpm cups-ipptool-debuginfo-2.2.6-40.el8.i686.rpm cups-ipptool-debuginfo-2.2.6-40.el8.x86_64.rpm cups-libs-2.2.6-40.el8.i686.rpm cups-libs-2.2.6-40.el8.x86_64.rpm cups-libs-debuginfo-2.2.6-40.el8.i686.rpm cups-libs-debuginfo-2.2.6-40.el8.x86_64.rpm cups-lpd-debuginfo-2.2.6-40.el8.i686.rpm cups-lpd-debuginfo-2.2.6-40.el8.x86_64.rpm These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/ 7. References: https://access.redhat.com/security/cve/CVE-2020-10001 https://access.redhat.com/security/updates/classification/#moderate https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.5_release_notes/ 8. Contact: The Red Hat security contact is <secalert@redhat.com>. More contact details at https://access.redhat.com/security/team/contact/ Copyright 2021 Red Hat, Inc. -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIVAwUBYYrdptzjgjWX9erEAQifnA//fTvcvlIMMRvl8mpYAZuZ9Tv8ZLKYT62j LfH/kVsjq5mJDCPUErwq7XgWN0RfhXaV7dPvB/FbCR1Vh4xtrQEev9JsOkP4g/3z WeuNvlfEtgNcSTSeVJEgIDPi1Dqr4PfNfcy81PWzU0T9K2i17BAIlqVcE7N8Zq71 azP5IT5M7xZU21PbqnDy5ULgb5CVtexslxemufa7kkeRDTl8FjeSq7nWXV4DWAjP 2W9/wzHfGgXtMn4wp/64knWPFROocKiwhj69YTGgPecvdvWHnIkZ9cwWSpAT0LIj SIxRTZoGyusouZZV8gchVS9qtsl4VP1B15QF2C1FK8kiJfEaxeJVH9Kf89QLsX8s ZtVMW4WlqWyBI0kmCL4Yz/bxkBnQuhzgbb+tO4347gpaXpW6zwTu8qp2iYBYHFyX EQFaxYTXaV9kxHgkDNqnw5m5Fi+Q/hz7sZcX8485BbDeqbqqVdi2QdvCsCtPcIgj GTp0dTOwoJc/3o35e6cv4uNdQcqxfgfTBhhkqWOS4jzDRNQL5MOrTKql3D/NJSA3 jb/RahyZkSGxYKTwae4qZKEixeL4hNyU+hYZHUYKb4VxAsn9Y9iOGO43u+LLw4Rp 1e/HKPV+cv741Ph4POP8cgrCe2FZNO4sRU4Ac6bL2uPPDZBhYyQYaHEsB9dFSEzc SCmYx2xwC+4=1Pv7 -----END PGP SIGNATURE----- -- RHSA-announce mailing list RHSA-announce@redhat.com https://listman.redhat.com/mailman/listinfo/rhsa-announce . Summary: The Migration Toolkit for Containers (MTC) 1.6.3 is now available. Description: The Migration Toolkit for Containers (MTC) enables you to migrate Kubernetes resources, persistent volume data, and internal container images between OpenShift Container Platform clusters, using the MTC web console or the Kubernetes API. Solution: For details on how to install and use MTC, refer to: https://docs.openshift.com/container-platform/latest/migration_toolkit_for_containers/installing-mtc.html 4. Bugs fixed (https://bugzilla.redhat.com/): 2019088 - "MigrationController" CR displays syntax error when unquiescing applications 2021666 - Route name longer than 63 characters causes direct volume migration to fail 2021668 - "MigrationController" CR ignores the "cluster_subdomain" value for direct volume migration routes 2022017 - CVE-2021-3948 mig-controller: incorrect namespaces handling may lead to not authorized usage of Migration Toolkit for Containers (MTC) 2024966 - Manifests not used by Operator Lifecycle Manager must be removed from the MTC 1.6 Operator image 2027196 - "migration-controller" pod goes into "CrashLoopBackoff" state if an invalid registry route is entered on the "Clusters" page of the web console 2027382 - "Copy oc describe/oc logs" window does not close automatically after timeout 2028841 - "rsync-client" container fails during direct volume migration with "Address family not supported by protocol" error 2031793 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "includedResources" resource 2039852 - "migration-controller" pod goes into "CrashLoopBackOff" state if "MigPlan" CR contains an invalid "destMigClusterRef" or "srcMigClusterRef" 5. Solution: For OpenShift Container Platform 4.9 see the following documentation, which will be updated shortly for this release, for important instructions on how to upgrade your cluster and fully apply this errata update: https://docs.openshift.com/container-platform/4.9/release_notes/ocp-4-9-release-notes.html For Red Hat OpenShift Logging 5.3, see the following instructions to apply this update: https://docs.openshift.com/container-platform/4.7/logging/cluster-logging-upgrading.html 4. Bugs fixed (https://bugzilla.redhat.com/): 1963232 - CVE-2021-33194 golang: x/net/html: infinite loop in ParseFragment 5. JIRA issues fixed (https://issues.jboss.org/): LOG-1168 - Disable hostname verification in syslog TLS settings LOG-1235 - Using HTTPS without a secret does not translate into the correct 'scheme' value in Fluentd LOG-1375 - ssl_ca_cert should be optional LOG-1378 - CLO should support sasl_plaintext(Password over http) LOG-1392 - In fluentd config, flush_interval can't be set with flush_mode=immediate LOG-1494 - Syslog output is serializing json incorrectly LOG-1555 - Fluentd logs emit transaction failed: error_class=NoMethodError while forwarding to external syslog server LOG-1575 - Rejected by Elasticsearch and unexpected json-parsing LOG-1735 - Regression introducing flush_at_shutdown LOG-1774 - The collector logs should be excluded in fluent.conf LOG-1776 - fluentd total_limit_size sets value beyond available space LOG-1822 - OpenShift Alerting Rules Style-Guide Compliance LOG-1859 - CLO Should not error and exit early on missing ca-bundle when cluster wide proxy is not enabled LOG-1862 - Unsupported kafka parameters when enabled Kafka SASL LOG-1903 - Fix the Display of ClusterLogging type in OLM LOG-1911 - CLF API changes to Opt-in to multiline error detection LOG-1918 - Alert `FluentdNodeDown` always firing LOG-1939 - Opt-in multiline detection breaks cloudwatch forwarding 6

A privacy issue existed in the handling of Contact cards. This was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A malicious application may be able to leak sensitive user information. Apple Messages is a component used in Apple mobile devices for processing text messages developed by Apple Corporation in the United States. The following products and models are affected: Apple iOS 14.4 and iPadOS 14.4. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-02-01-2 Additional information for APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4 iOS 14.4 and iPadOS 14.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212146. Analytics Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2021-1761: Cees Elzinga Entry added February 1, 2021 APFS Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local user may be able to read arbitrary files Description: The issue was addressed with improved permissions logic. CVE-2021-1797: Thomas Tempelmann Entry added February 1, 2021 Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1794: Jianjun Dai of 360 Alpha Lab Entry added February 1, 2021 Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1795: Jianjun Dai of 360 Alpha Lab CVE-2021-1796: Jianjun Dai of 360 Alpha Lab Entry added February 1, 2021 Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1780: Jianjun Dai of 360 Alpha Lab Entry added February 1, 2021 CoreAnimation Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed with improved state management. CVE-2021-1760: @S0rryMybad of 360 Vulcan Team Entry added February 1, 2021 CoreAudio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab Entry added February 1, 2021 CoreGraphics Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1776: Ivan Fratric of Google Project Zero Entry added February 1, 2021 CoreMedia Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT Entry added February 1, 2021 CoreText Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A stack overflow was addressed with improved input validation. CVE-2021-1772: Mickey Jin of Trend Micro Entry added February 1, 2021 CoreText Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021 Crash Reporter Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local user may be able to create or modify system files Description: A logic issue was addressed with improved state management. CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security Entry added February 1, 2021 Crash Reporter Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to elevate their privileges Description: Multiple issues were addressed with improved logic. CVE-2021-1787: James Hutchins Entry added February 1, 2021 FairPlay Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro Entry added February 1, 2021 FontParser Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1758: Peter Nguyen of STAR Labs Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2021-1766: Danny Rosseau of Carve Systems Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Qi Sun of Trend Micro CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: An out-of-bounds read issue existed in the curl. CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021 ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An access issue was addressed with improved memory management. CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021 IOSkywalkFamily Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to elevate their privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba Security Entry added February 1, 2021 iTunes Store Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted URL may lead to arbitrary javascript code execution Description: A validation issue was addressed with improved input sanitization. CVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs Entry added February 1, 2021 Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause a denial of service Description: A use after free issue was addressed with improved memory management. CVE-2021-1764: Maxime Villard (@m00nbsd) Entry added February 1, 2021 Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple issues were addressed with improved logic. CVE-2021-1750: @0xalsr Entry added February 1, 2021 Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1782: an anonymous researcher Messages Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to leak sensitive user information Description: A privacy issue existed in the handling of Contact cards. CVE-2021-1781: Csaba Fitzl (@theevilbit) of Offensive Security Entry added February 1, 2021 Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-1763: Mickey Jin of Trend Micro Entry added February 1, 2021 Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021 Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021 Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1762: Mickey Jin of Trend Micro Entry added February 1, 2021 Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021 Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1753: Mickey Jin of Trend Micro Entry added February 1, 2021 Phone Keypad Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker with physical access to a device may be able to see private contact information Description: A lock screen issue allowed access to contacts on a locked device. CVE-2021-1756: Ryan Pickren (ryanpickren.com) Entry added February 1, 2021 Swift Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A logic issue was addressed with improved validation. CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs Entry added February 1, 2021 WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1788: Francisco Alonso (@revskills) Entry added February 1, 2021 WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved state handling. CVE-2021-1789: @S0rryMybad of 360 Vulcan Team Entry added February 1, 2021 WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Maliciously crafted web content may violate iframe sandboxing policy Description: This issue was addressed with improved iframe sandbox enforcement. CVE-2021-1801: Eliya Stein of Confiant Entry added February 1, 2021 WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1871: an anonymous researcher CVE-2021-1870: an anonymous researcher WebRTC Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed with additional port validation. CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar Entry added February 1, 2021 Additional recognition iTunes Store We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance. Entry added February 1, 2021 Kernel We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of Trend Micro for their assistance. Entry added February 1, 2021 libpthread We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance. Entry added February 1, 2021 Mail We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) and an anonymous researcher for their assistance. Entry added February 1, 2021 Store Demo We would like to acknowledge @08Tc3wBB for their assistance. Entry added February 1, 2021 WebRTC We would like to acknowledge Philipp Hancke for their assistance. Entry added February 1, 2021 Wi-Fi We would like to acknowledge an anonymous researcher for their assistance. Entry added February 1, 2021 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgtAACgkQZcsbuWJ6 jjCK6g//dClC7Zq+dOqvuwvDa1ZMQ/R7pmp9qn2jFQsN41sf3JXSUT5AT2qhkB+W BvfgNl4JEAhdFigcuChzNWjrtQjT30Iqu/mPKF9zh8FRi5Uc0Z+UDAS4QAJcYmBl naDKY9u0SIyzxyvoK2AhfnbgAy7xsICNUiPFIV3sLS20NnKaItd/zBVCsgiMnpXD lXBJJfoJZcKzUxsHVGuh3DU9FgyS0Ypo8EAuZTPT511rco7nAqQ+RY5s8DRZ91Up BWoFQezmVQmxHGA2rwJH+RgSUOUywCNi/xLinAdNq8en4db8UtSmUcQHqaFgybBk bfWN3apPFq7vKCPbW8NI4JPBeP4WhORGH1V2jgJV8DM8Lod/Uh1yJrcZ5a4FxwCO VZKROL2UwE8T3tNYNlYoIr83FKVeMxnYhEP+xSSM3iZGtIflkcO3UtfitJlV0U26 RCavBUyxJV1aqb/3ic/WwLco7jBeOEIUkoZq7djyo8K1LrVSxZvBAUveV+Y2qvz3 UrbdDeTaTqDZ+rgQjOTcMJsvLHwzcrD8DdhgAMt9FAsVZ+dxSsqrMBNxhtc5uRyf bSTDyJc4epsC5S6IrjHaePdnv65tuIjC/JYmBvdshtp5j3aUnJUGWPhWuuhDLIjh oxMn01QVy9KvVSQs3kqot8Ai8e1hXGnzwDUHEqPQLYzEi77v8HU= =WL5N -----END PGP SIGNATURE-----

A logic error in kext loading was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. An application may be able to execute arbitrary code with system privileges. Apple macOS could allow a local malicious user to gain elevated privileges on the system, caused by a logic issue in kext loading within the IOKit component