cvelistv5 - CVE-2021-30947

CVE-2021-30947 (GCVE-0-2021-30947)

Vulnerability from cvelistv5 – Published: 2021-08-24 18:50 – Updated: 2024-08-03 22:48

Summary

Severity ?

No CVSS data available.

CWE

An application may be able to access a user's files

Assigner

apple

References

URL

Tags

	https://support.apple.com/en-us/HT212975	x_refsource_MISC
	https://support.apple.com/en-us/HT212976	x_refsource_MISC
	https://support.apple.com/en-us/HT212978	x_refsource_MISC
	https://support.apple.com/en-us/HT212979	x_refsource_MISC
	https://support.apple.com/en-us/HT212980	x_refsource_MISC

Impacted products

Vendor

Product

Version

Apple

watchOS

Affected: unspecified , < 8.3 (custom)

Apple	iOS and iPadOS	Affected: unspecified , < 15.2 (custom)
Apple	macOS	Affected: unspecified , < 12.1 (custom)
Apple	macOS	Affected: unspecified , < 11.6 (custom)
Apple	macOS	Affected: unspecified , < 15.2 (custom)

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:48:14.201Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212975"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212976"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212978"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212979"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212980"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "watchOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "8.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "12.1",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "15.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user\u0027s files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "An application may be able to access a user\u0027s files",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-12-23T19:58:00",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212975"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212976"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212978"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212979"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212980"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2021-30947",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "watchOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "8.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iOS and iPadOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "15.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "12.1"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "11.6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "15.2"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user\u0027s files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "An application may be able to access a user\u0027s files"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212975",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212975"
            },
            {
              "name": "https://support.apple.com/en-us/HT212976",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212976"
            },
            {
              "name": "https://support.apple.com/en-us/HT212978",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212978"
            },
            {
              "name": "https://support.apple.com/en-us/HT212979",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212979"
            },
            {
              "name": "https://support.apple.com/en-us/HT212980",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212980"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2021-30947",
    "datePublished": "2021-08-24T18:50:47",
    "dateReserved": "2021-04-13T00:00:00",
    "dateUpdated": "2024-08-03T22:48:14.201Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"15.2\", \"matchCriteriaId\": \"CCE4E546-A0DD-4E9E-A6B9-C19B04D77466\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"15.2\", \"matchCriteriaId\": \"7FB904C1-43D1-4583-8729-5D1B1746A54C\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"11.0\", \"versionEndExcluding\": \"11.6.2\", \"matchCriteriaId\": \"287EBE44-07C0-41D3-B268-CC86CA5FD792\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"12.0\", \"versionEndExcluding\": \"12.1\", \"matchCriteriaId\": \"CA118623-E817-42AA-AB39-6239B1284192\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"15.2\", \"matchCriteriaId\": \"16CAE2FB-FADC-4BF4-9115-D20D365051BF\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"8.3\", \"matchCriteriaId\": \"7A7245FB-6FBE-4C09-80F5-18504CA623B3\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user\u0027s files.\"}, {\"lang\": \"es\", \"value\": \"Se abord\\u00f3 un problema de acceso con restricciones adicionales del sandbox.\u0026#xa0;Este problema es corregido en macOS Big Sur versi\\u00f3n 11.6.2, tvOS versi\\u00f3n 15.2, macOS Monterey versi\\u00f3n 12.1, iOS versi\\u00f3n 15.2 e iPadOS versi\\u00f3n 15.2, watchOS versi\\u00f3n 8.3.\u0026#xa0;Una aplicaci\\u00f3n puede acceder a los archivos de un usuario\"}]",
      "id": "CVE-2021-30947",
      "lastModified": "2024-11-21T06:05:01.320",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\", \"baseScore\": 5.5, \"baseSeverity\": \"MEDIUM\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"REQUIRED\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 3.6}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:N/A:N\", \"baseScore\": 4.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"NONE\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 8.6, \"impactScore\": 2.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": true}]}",
      "published": "2021-08-24T19:15:21.507",
      "references": "[{\"url\": \"https://support.apple.com/en-us/HT212975\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/en-us/HT212976\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/en-us/HT212978\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/en-us/HT212979\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/en-us/HT212980\", \"source\": \"product-security@apple.com\"}, {\"url\": \"https://support.apple.com/en-us/HT212975\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/en-us/HT212976\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/en-us/HT212978\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/en-us/HT212979\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://support.apple.com/en-us/HT212980\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"NVD-CWE-Other\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-30947\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2021-08-24T19:15:21.507\",\"lastModified\":\"2024-11-21T06:05:01.320\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user\u0027s files.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de acceso con restricciones adicionales del sandbox.\u0026#xa0;Este problema es corregido en macOS Big Sur versi\u00f3n 11.6.2, tvOS versi\u00f3n 15.2, macOS Monterey versi\u00f3n 12.1, iOS versi\u00f3n 15.2 e iPadOS versi\u00f3n 15.2, watchOS versi\u00f3n 8.3.\u0026#xa0;Una aplicaci\u00f3n puede acceder a los archivos de un usuario\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-Other\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.2\",\"matchCriteriaId\":\"CCE4E546-A0DD-4E9E-A6B9-C19B04D77466\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.2\",\"matchCriteriaId\":\"7FB904C1-43D1-4583-8729-5D1B1746A54C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0\",\"versionEndExcluding\":\"11.6.2\",\"matchCriteriaId\":\"287EBE44-07C0-41D3-B268-CC86CA5FD792\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"12.0\",\"versionEndExcluding\":\"12.1\",\"matchCriteriaId\":\"CA118623-E817-42AA-AB39-6239B1284192\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.2\",\"matchCriteriaId\":\"16CAE2FB-FADC-4BF4-9115-D20D365051BF\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.3\",\"matchCriteriaId\":\"7A7245FB-6FBE-4C09-80F5-18504CA623B3\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT212975\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212976\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212978\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212979\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212980\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/en-us/HT212976\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/en-us/HT212978\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/en-us/HT212979\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/en-us/HT212980\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
  }
}

GSD-2021-30947

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-30947

Aliases

CVE-2021-30947

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-30947",
    "description": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user\u0027s files.",
    "id": "GSD-2021-30947"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-30947"
      ],
      "details": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user\u0027s files.",
      "id": "GSD-2021-30947",
      "modified": "2023-12-13T01:23:31.137963Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2021-30947",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "watchOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "8.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "iOS and iPadOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "15.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "12.1"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "11.6"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "15.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user\u0027s files."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "An application may be able to access a user\u0027s files"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT212975",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212975"
          },
          {
            "name": "https://support.apple.com/en-us/HT212976",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212976"
          },
          {
            "name": "https://support.apple.com/en-us/HT212978",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212978"
          },
          {
            "name": "https://support.apple.com/en-us/HT212979",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212979"
          },
          {
            "name": "https://support.apple.com/en-us/HT212980",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212980"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.6.2",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1",
                "versionStartIncluding": "12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2021-30947"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user\u0027s files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-Other"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212975",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212975"
            },
            {
              "name": "https://support.apple.com/en-us/HT212978",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212978"
            },
            {
              "name": "https://support.apple.com/en-us/HT212979",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212979"
            },
            {
              "name": "https://support.apple.com/en-us/HT212976",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212976"
            },
            {
              "name": "https://support.apple.com/en-us/HT212980",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212980"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 8.6,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": true
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-08-11T12:57Z",
      "publishedDate": "2021-08-24T19:15Z"
    }
  }
}

VAR-202108-1262

Vulnerability from variot - Updated: 2023-12-18 11:16

An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user's files. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none. Information about the security content is also available at https://support.apple.com/HT212979.

Archive Utility Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30950: @gorelics

Bluetooth Available for: macOS Big Sur Impact: A malicious application may be able to disclose kernel memory Description: A logic issue was addressed with improved validation. CVE-2021-30931: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America

Bluetooth Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2021-30935: an anonymous researcher

ColorSync Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. CVE-2021-30942: Mateusz Jurczyk of Google Project Zero

CoreAudio Available for: macOS Big Sur Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30959: JunDong Xie of Ant Security Light-Year Lab CVE-2021-30961: an anonymous researcher CVE-2021-30963: JunDong Xie of Ant Security Light-Year Lab

CoreAudio Available for: macOS Big Sur Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab

Crash Reporter Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

Graphics Drivers Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30977: Jack Dates of RET2 Systems, Inc.

Help Viewer Available for: macOS Big Sur Impact: Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk Description: A path handling issue was addressed with improved validation. CVE-2021-30969: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro

Intel Graphics Driver Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30981: Liu Long of Ant Security Light-Year Lab, an anonymous researcher

IOUSBHostFamily Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or heap corruption Description: A race condition was addressed with improved locking. CVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America

Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab

Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero

Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero

LaunchServices Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved validation. CVE-2021-30990: Ron Masas of BreakPoint.sh

LaunchServices Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30976: chenyuwang (@mzzzz__) and Kirin (@Pwnrin) of Tencent Security Xuanwu Lab

Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro

Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30973: Ye Zhang (@co0py_Cat) of Baidu Security

Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30971: Ye Zhang (@co0py_Cat) of Baidu Security

Preferences Available for: macOS Big Sur Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)

Sandbox Available for: macOS Big Sur Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security

Sandbox Available for: macOS Big Sur Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions. CVE-2021-30946: @gorelics

Script Editor Available for: macOS Big Sur Impact: A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions Description: This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. CVE-2021-30975: Ryan Pickren (ryanpickren.com)

TCC Available for: macOS Big Sur Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics

TCC Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences Description: A logic issue was addressed with improved state management. CVE-2021-30970: Jonathan Bar Or of Microsoft

TCC Available for: macOS Big Sur Impact: A malicious application may be able to cause a denial of service to Endpoint Security clients Description: A logic issue was addressed with improved state management. CVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security

Wi-Fi Available for: macOS Big Sur Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: This issue was addressed with improved checks. CVE-2021-30938: Xinru Chi of Pangu Lab

Additional recognition

Admin Framework We would like to acknowledge Simon Andersen of Aarhus University and Pico Mitchell for their assistance.

ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance.

Contacts We would like to acknowledge Minchan Park (03stin) for their assistance.

Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance.

Model I/O We would like to acknowledge Rui Yang and Xingwei Lin of Ant Security Light-Year Lab for their assistance.

Installation note: This update may be obtained from the Mac App Store

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UncACgkQeC9qKD1p rhi3ZA/+JN0mQCWghikUr8/kK9kNAz6FtHO3M5yvyXXQkArAQBmaTk5aaSpsEDi1 KrE+khCjp7N1eGTHrJ2L6q35X+2UEZZUGC/Uic7Dt/CKoQvkTyfGKCHMIhTxF6O8 JGRIz1+wKCXq8lADs29Q1rRg0TkfaIcbCiKI0YMNWgGWBVuXy5LBq/6EvZ2f8Vhe kvDB46D27C9xHgbCq+ihmVdE6iwAVfVYYOh22uP2lGkT6a1jKI6iifkPl/tuiiVy ZWRLWUJwa3HOdAzy511MSjdnj9RBsI4TYJa4QW+Urn8N4sf9wlrU+5Ng+Yfob4U7 n1G2g2V3o3CQpInl+L7CQN44oFYy9UMmuQGtWd3AqcUbTASuoYcV7P6Hz9X5Akwo buASJcsVBbsCCcFGu8OCygvM3ro44D7uG0vPy65BBTVxgiEyUtSuEE8Gti930zC0 FbBgIQk0W2rvBZiEh+stl/87XrIso18oW7k2D5gmkud6TWqK83JxS8Dmd8Rs1uGW Jc2f7enQyN3OQ2MqcU2aYPdV9+QoEq4Hn29xlct99Vq8lcSwp+rtrP7ZgF3MqVRB Dku4o5Xeh3JngTn1si+lk7X1xVX8DHPnV/k0ZUuCB6TJOLUkdye8ezoLpmkf6Nq/ Q5LC4KIwz9JVMON1ZArO58EMBJXKrA8doxHAxZBOBJxBJQqEltQ\x8afg -----END PGP SIGNATURE-----

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".

Alternatively, on your watch, select "My Watch > General > About"

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202108-1262",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.1"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "8.3"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.2"
      },
      {
        "model": "ipados",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.2"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "15.2"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.6.2"
      },
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0"
      },
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "12.0"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30947"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.6.2",
                "versionStartIncluding": "11.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "8.3",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.2",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "12.1",
                "versionStartIncluding": "12.0",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "15.2",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30947"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "165356"
      },
      {
        "db": "PACKETSTORM",
        "id": "165358"
      },
      {
        "db": "PACKETSTORM",
        "id": "165359"
      }
    ],
    "trust": 0.3
  },
  "cve": "CVE-2021-30947",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": true,
            "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 8.6,
            "id": "VHN-390680",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "REQUIRED",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-30947",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202108-2048",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-390680",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390680"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2048"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user\u0027s files. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212979. \n\nArchive Utility\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30950: @gorelics\n\nBluetooth\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to disclose kernel memory\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30931: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC\nRiverside, and Yu Wang of Didi Research America\n\nBluetooth\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30935: an anonymous researcher\n\nColorSync\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue in the processing of ICC\nprofiles was addressed with improved input validation. \nCVE-2021-30942: Mateusz Jurczyk of Google Project Zero\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30959: JunDong Xie of Ant Security Light-Year Lab\nCVE-2021-30961: an anonymous researcher\nCVE-2021-30963: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: macOS Big Sur\nImpact: Playing a malicious audio file may lead to arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab\n\nCrash Reporter\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nGraphics Drivers\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-30977: Jack Dates of RET2 Systems, Inc. \n\nHelp Viewer\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted URL may cause unexpected\nJavaScript execution from a file on disk\nDescription: A path handling issue was addressed with improved\nvalidation. \nCVE-2021-30969: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nImageIO\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab, Mickey Jin (@patch1t) of Trend Micro\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-30981: Liu Long of Ant Security Light-Year Lab, an anonymous\nresearcher\n\nIOUSBHostFamily\nAvailable for: macOS Big Sur\nImpact: A remote attacker may be able to cause unexpected application\ntermination or heap corruption\nDescription: A race condition was addressed with improved locking. \nCVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC\nRiverside, and Yu Wang of Didi Research America\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30927: Xinru Chi of Pangu Lab\nCVE-2021-30980: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2021-30937: Sergei Glazunov of Google Project Zero\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30949: Ian Beer of Google Project Zero\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-30990: Ron Masas of BreakPoint.sh\n\nLaunchServices\nAvailable for: macOS Big Sur\nImpact: A malicious application may bypass Gatekeeper checks\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30976: chenyuwang (@mzzzz__) and Kirin (@Pwnrin) of Tencent\nSecurity Xuanwu Lab\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab\nCVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may disclose user\ninformation\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30973: Ye Zhang (@co0py_Cat) of Baidu Security\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-30971: Ye Zhang (@co0py_Cat) of Baidu Security\n\nPreferences\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to elevate privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A validation issue related to hard link behavior was\naddressed with improved sandbox restrictions. \nCVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30946: @gorelics\n\nScript Editor\nAvailable for: macOS Big Sur\nImpact: A malicious OSAX scripting addition may bypass Gatekeeper\nchecks and circumvent sandbox restrictions\nDescription: This issue was addressed by disabling execution of\nJavaScript when viewing a scripting dictionary. \nCVE-2021-30975: Ryan Pickren (ryanpickren.com)\n\nTCC\nAvailable for: macOS Big Sur\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30767: @gorelics\n\nTCC\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30970: Jonathan Bar Or of Microsoft\n\nTCC\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to cause a denial of\nservice to Endpoint Security clients\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security\n\nWi-Fi\nAvailable for: macOS Big Sur\nImpact: A local user may be able to cause unexpected system\ntermination or read kernel memory\nDescription: This issue was addressed with improved checks. \nCVE-2021-30938: Xinru Chi of Pangu Lab\n\nAdditional recognition\n\nAdmin Framework\nWe would like to acknowledge Simon Andersen of Aarhus University and\nPico Mitchell for their assistance. \n\nColorSync\nWe would like to acknowledge Mateusz Jurczyk of Google Project Zero\nfor their assistance. \n\nContacts\nWe would like to acknowledge Minchan Park (03stin) for their\nassistance. \n\nKernel\nWe would like to acknowledge Amit Klein of Bar-Ilan University\u0027s\nCenter for Research in Applied Cryptography and Cyber Security for\ntheir assistance. \n\nModel I/O\nWe would like to acknowledge Rui Yang and Xingwei Lin of Ant Security\nLight-Year Lab for their assistance. \n\nInstallation note:\nThis update may be obtained from the Mac App Store\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UncACgkQeC9qKD1p\nrhi3ZA/+JN0mQCWghikUr8/kK9kNAz6FtHO3M5yvyXXQkArAQBmaTk5aaSpsEDi1\nKrE+khCjp7N1eGTHrJ2L6q35X+2UEZZUGC/Uic7Dt/CKoQvkTyfGKCHMIhTxF6O8\nJGRIz1+wKCXq8lADs29Q1rRg0TkfaIcbCiKI0YMNWgGWBVuXy5LBq/6EvZ2f8Vhe\nkvDB46D27C9xHgbCq+ihmVdE6iwAVfVYYOh22uP2lGkT6a1jKI6iifkPl/tuiiVy\nZWRLWUJwa3HOdAzy511MSjdnj9RBsI4TYJa4QW+Urn8N4sf9wlrU+5Ng+Yfob4U7\nn1G2g2V3o3CQpInl+L7CQN44oFYy9UMmuQGtWd3AqcUbTASuoYcV7P6Hz9X5Akwo\nbuASJcsVBbsCCcFGu8OCygvM3ro44D7uG0vPy65BBTVxgiEyUtSuEE8Gti930zC0\nFbBgIQk0W2rvBZiEh+stl/87XrIso18oW7k2D5gmkud6TWqK83JxS8Dmd8Rs1uGW\nJc2f7enQyN3OQ2MqcU2aYPdV9+QoEq4Hn29xlct99Vq8lcSwp+rtrP7ZgF3MqVRB\nDku4o5Xeh3JngTn1si+lk7X1xVX8DHPnV/k0ZUuCB6TJOLUkdye8ezoLpmkf6Nq/\nQ5LC4KIwz9JVMON1ZArO58EMBJXKrA8doxHAxZBOBJxBJQqEltQ\\x8afg\n-----END PGP SIGNATURE-----\n\n\n\n. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\"",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30947"
      },
      {
        "db": "VULHUB",
        "id": "VHN-390680"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30947"
      },
      {
        "db": "PACKETSTORM",
        "id": "165356"
      },
      {
        "db": "PACKETSTORM",
        "id": "165358"
      },
      {
        "db": "PACKETSTORM",
        "id": "165359"
      }
    ],
    "trust": 1.35
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-30947",
        "trust": 2.1
      },
      {
        "db": "PACKETSTORM",
        "id": "165359",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "165356",
        "trust": 0.8
      },
      {
        "db": "CS-HELP",
        "id": "SB2021121434",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.4260",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2048",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "165358",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-390680",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30947",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390680"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30947"
      },
      {
        "db": "PACKETSTORM",
        "id": "165356"
      },
      {
        "db": "PACKETSTORM",
        "id": "165358"
      },
      {
        "db": "PACKETSTORM",
        "id": "165359"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2048"
      }
    ]
  },
  "id": "VAR-202108-1262",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390680"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2023-12-18T11:16:23.108000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple tvOS Fixes for access control error vulnerabilities",
        "trust": 0.6,
        "url": "http://123.124.177.30/web/xxk/bdxqbyid.tag?id=176527"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2048"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      },
      {
        "problemtype": "CWE-668",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390680"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30947"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 2.3,
        "url": "https://support.apple.com/en-us/ht212976"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212975"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212978"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212979"
      },
      {
        "trust": 1.7,
        "url": "https://support.apple.com/en-us/ht212980"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.4260"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165359/apple-security-advisory-2021-12-15-6.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37064"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021121434"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/165356/apple-security-advisory-2021-12-15-3.html"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30958"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30927"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30945"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30939"
      },
      {
        "trust": 0.3,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30937"
      },
      {
        "trust": 0.3,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30968"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30949"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30947"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30942"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30946"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30767"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30966"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30926"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30957"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30960"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30916"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30955"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30980"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30961"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30969"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30938"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30935"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30950"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30941"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212979."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30963"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30965"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30973"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30931"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30959"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30971"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30970"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30940"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30929"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30993"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30995"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212980."
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht204641"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212975."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30964"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390680"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30947"
      },
      {
        "db": "PACKETSTORM",
        "id": "165356"
      },
      {
        "db": "PACKETSTORM",
        "id": "165358"
      },
      {
        "db": "PACKETSTORM",
        "id": "165359"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2048"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-390680"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30947"
      },
      {
        "db": "PACKETSTORM",
        "id": "165356"
      },
      {
        "db": "PACKETSTORM",
        "id": "165358"
      },
      {
        "db": "PACKETSTORM",
        "id": "165359"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30947"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2048"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-08-24T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390680"
      },
      {
        "date": "2021-08-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-30947"
      },
      {
        "date": "2021-12-17T19:19:33",
        "db": "PACKETSTORM",
        "id": "165356"
      },
      {
        "date": "2021-12-17T19:19:55",
        "db": "PACKETSTORM",
        "id": "165358"
      },
      {
        "date": "2021-12-17T19:20:06",
        "db": "PACKETSTORM",
        "id": "165359"
      },
      {
        "date": "2021-08-24T19:15:21.507000",
        "db": "NVD",
        "id": "CVE-2021-30947"
      },
      {
        "date": "2021-08-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-2048"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-12-29T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390680"
      },
      {
        "date": "2021-08-24T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-30947"
      },
      {
        "date": "2023-11-07T03:33:59.927000",
        "db": "NVD",
        "id": "CVE-2021-30947"
      },
      {
        "date": "2022-12-09T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202108-2048"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2048"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple tvOS Access control error vulnerability",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2048"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "access control error",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202108-2048"
      }
    ],
    "trust": 0.6
  }
}

FKIE_CVE-2021-30947

Vulnerability from fkie_nvd - Published: 2021-08-24 19:15 - Updated: 2024-11-21 06:05

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Summary

References

	URL	Tags
	product-security@apple.com	https://support.apple.com/en-us/HT212975
	product-security@apple.com	https://support.apple.com/en-us/HT212976
	product-security@apple.com	https://support.apple.com/en-us/HT212978
	product-security@apple.com	https://support.apple.com/en-us/HT212979
	product-security@apple.com	https://support.apple.com/en-us/HT212980
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212975
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212976
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212978
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212979
	af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212980

Impacted products

Vendor	Product	Version
apple	ipados	*
apple	iphone_os	*
apple	macos	*
apple	macos	*
apple	tvos	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CCE4E546-A0DD-4E9E-A6B9-C19B04D77466",
              "versionEndExcluding": "15.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7FB904C1-43D1-4583-8729-5D1B1746A54C",
              "versionEndExcluding": "15.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "287EBE44-07C0-41D3-B268-CC86CA5FD792",
              "versionEndExcluding": "11.6.2",
              "versionStartIncluding": "11.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "CA118623-E817-42AA-AB39-6239B1284192",
              "versionEndExcluding": "12.1",
              "versionStartIncluding": "12.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "16CAE2FB-FADC-4BF4-9115-D20D365051BF",
              "versionEndExcluding": "15.2",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7A7245FB-6FBE-4C09-80F5-18504CA623B3",
              "versionEndExcluding": "8.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user\u0027s files."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un problema de acceso con restricciones adicionales del sandbox.\u0026#xa0;Este problema es corregido en macOS Big Sur versi\u00f3n 11.6.2, tvOS versi\u00f3n 15.2, macOS Monterey versi\u00f3n 12.1, iOS versi\u00f3n 15.2 e iPadOS versi\u00f3n 15.2, watchOS versi\u00f3n 8.3.\u0026#xa0;Una aplicaci\u00f3n puede acceder a los archivos de un usuario"
    }
  ],
  "id": "CVE-2021-30947",
  "lastModified": "2024-11-21T06:05:01.320",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "MEDIUM",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 4.3,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 8.6,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": true
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "REQUIRED",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-08-24T19:15:21.507",
  "references": [
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/en-us/HT212975"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/en-us/HT212976"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/en-us/HT212978"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/en-us/HT212979"
    },
    {
      "source": "product-security@apple.com",
      "url": "https://support.apple.com/en-us/HT212980"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/en-us/HT212975"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/en-us/HT212976"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/en-us/HT212978"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/en-us/HT212979"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://support.apple.com/en-us/HT212980"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-Other"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

CERTFR-2021-AVI-945

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions 8.x antérieures à 8.3
Apple	N/A	iOS et iPadOS versions 15.x antérieures à 15.2
Apple	macOS	macOS Monterey versions 12.x antérieures à 12.1
Apple	macOS	macOS Big Sur versions 11.6.x antérieures à 11.6.2
Apple	macOS	macOS Catalina versions antérieures à la mise à jour 2021-008
Apple	N/A	tvOS versions 15.x antérieures à 15.2

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT212979 du 13 décembre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212981 du 13 décembre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212976 du 13 décembre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212975 du 13 décembre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212978 du 13 décembre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212980 du 13 décembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "watchOS versions 8.x ant\u00e9rieures \u00e0 8.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS et iPadOS versions 15.x ant\u00e9rieures \u00e0 15.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Monterey versions 12.x ant\u00e9rieures \u00e0 12.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions 11.6.x ant\u00e9rieures \u00e0 11.6.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 la mise \u00e0 jour 2021-008",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions 15.x ant\u00e9rieures \u00e0 15.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-30993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30993"
    },
    {
      "name": "CVE-2021-30983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30983"
    },
    {
      "name": "CVE-2021-30971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30971"
    },
    {
      "name": "CVE-2021-30964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30964"
    },
    {
      "name": "CVE-2021-30957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30957"
    },
    {
      "name": "CVE-2021-30981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30981"
    },
    {
      "name": "CVE-2021-30939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30939"
    },
    {
      "name": "CVE-2021-30948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30948"
    },
    {
      "name": "CVE-2021-30767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30767"
    },
    {
      "name": "CVE-2021-30987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30987"
    },
    {
      "name": "CVE-2021-30992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30992"
    },
    {
      "name": "CVE-2021-30969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30969"
    },
    {
      "name": "CVE-2021-30963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30963"
    },
    {
      "name": "CVE-2021-30967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30967"
    },
    {
      "name": "CVE-2021-30951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30951"
    },
    {
      "name": "CVE-2021-30986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30986"
    },
    {
      "name": "CVE-2021-30916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30916"
    },
    {
      "name": "CVE-2021-30950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30950"
    },
    {
      "name": "CVE-2021-30976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30976"
    },
    {
      "name": "CVE-2021-30965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30965"
    },
    {
      "name": "CVE-2021-30966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30966"
    },
    {
      "name": "CVE-2021-30982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30982"
    },
    {
      "name": "CVE-2021-30941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30941"
    },
    {
      "name": "CVE-2021-30985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30985"
    },
    {
      "name": "CVE-2021-30958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30958"
    },
    {
      "name": "CVE-2021-30931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30931"
    },
    {
      "name": "CVE-2021-30960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30960"
    },
    {
      "name": "CVE-2021-30968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30968"
    },
    {
      "name": "CVE-2021-30945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30945"
    },
    {
      "name": "CVE-2021-30934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30934"
    },
    {
      "name": "CVE-2021-30947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30947"
    },
    {
      "name": "CVE-2021-30932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30932"
    },
    {
      "name": "CVE-2021-30979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30979"
    },
    {
      "name": "CVE-2021-30980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30980"
    },
    {
      "name": "CVE-2021-30973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30973"
    },
    {
      "name": "CVE-2021-30970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30970"
    },
    {
      "name": "CVE-2021-30996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30996"
    },
    {
      "name": "CVE-2021-30940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30940"
    },
    {
      "name": "CVE-2021-30954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30954"
    },
    {
      "name": "CVE-2021-30977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30977"
    },
    {
      "name": "CVE-2021-30942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30942"
    },
    {
      "name": "CVE-2021-30990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30990"
    },
    {
      "name": "CVE-2021-30929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30929"
    },
    {
      "name": "CVE-2021-30937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30937"
    },
    {
      "name": "CVE-2021-30936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30936"
    },
    {
      "name": "CVE-2021-30975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30975"
    },
    {
      "name": "CVE-2021-30953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30953"
    },
    {
      "name": "CVE-2021-30952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30952"
    },
    {
      "name": "CVE-2021-30949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30949"
    },
    {
      "name": "CVE-2021-30926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30926"
    },
    {
      "name": "CVE-2021-30946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30946"
    },
    {
      "name": "CVE-2021-30991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30991"
    },
    {
      "name": "CVE-2021-30935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30935"
    },
    {
      "name": "CVE-2021-30938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30938"
    },
    {
      "name": "CVE-2021-30955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30955"
    },
    {
      "name": "CVE-2021-30927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30927"
    },
    {
      "name": "CVE-2021-30988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30988"
    },
    {
      "name": "CVE-2021-30959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30959"
    },
    {
      "name": "CVE-2021-30984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30984"
    },
    {
      "name": "CVE-2021-30995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30995"
    },
    {
      "name": "CVE-2021-30961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30961"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-945",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212979 du 13 d\u00e9cembre 2021",
      "url": "https://support.apple.com/en-us/HT212979"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212981 du 13 d\u00e9cembre 2021",
      "url": "https://support.apple.com/en-us/HT212981"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212976 du 13 d\u00e9cembre 2021",
      "url": "https://support.apple.com/en-us/HT212976"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212975 du 13 d\u00e9cembre 2021",
      "url": "https://support.apple.com/en-us/HT212975"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212978 du 13 d\u00e9cembre 2021",
      "url": "https://support.apple.com/en-us/HT212978"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212980 du 13 d\u00e9cembre 2021",
      "url": "https://support.apple.com/en-us/HT212980"
    }
  ]
}

CERTFR-2021-AVI-945

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	N/A	watchOS versions 8.x antérieures à 8.3
Apple	N/A	iOS et iPadOS versions 15.x antérieures à 15.2
Apple	macOS	macOS Monterey versions 12.x antérieures à 12.1
Apple	macOS	macOS Big Sur versions 11.6.x antérieures à 11.6.2
Apple	macOS	macOS Catalina versions antérieures à la mise à jour 2021-008
Apple	N/A	tvOS versions 15.x antérieures à 15.2

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT212979 du 13 décembre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212981 du 13 décembre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212976 du 13 décembre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212975 du 13 décembre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212978 du 13 décembre 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212980 du 13 décembre 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "watchOS versions 8.x ant\u00e9rieures \u00e0 8.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS et iPadOS versions 15.x ant\u00e9rieures \u00e0 15.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Monterey versions 12.x ant\u00e9rieures \u00e0 12.1",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions 11.6.x ant\u00e9rieures \u00e0 11.6.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina versions ant\u00e9rieures \u00e0 la mise \u00e0 jour 2021-008",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions 15.x ant\u00e9rieures \u00e0 15.2",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-30993",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30993"
    },
    {
      "name": "CVE-2021-30983",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30983"
    },
    {
      "name": "CVE-2021-30971",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30971"
    },
    {
      "name": "CVE-2021-30964",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30964"
    },
    {
      "name": "CVE-2021-30957",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30957"
    },
    {
      "name": "CVE-2021-30981",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30981"
    },
    {
      "name": "CVE-2021-30939",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30939"
    },
    {
      "name": "CVE-2021-30948",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30948"
    },
    {
      "name": "CVE-2021-30767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30767"
    },
    {
      "name": "CVE-2021-30987",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30987"
    },
    {
      "name": "CVE-2021-30992",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30992"
    },
    {
      "name": "CVE-2021-30969",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30969"
    },
    {
      "name": "CVE-2021-30963",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30963"
    },
    {
      "name": "CVE-2021-30967",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30967"
    },
    {
      "name": "CVE-2021-30951",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30951"
    },
    {
      "name": "CVE-2021-30986",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30986"
    },
    {
      "name": "CVE-2021-30916",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30916"
    },
    {
      "name": "CVE-2021-30950",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30950"
    },
    {
      "name": "CVE-2021-30976",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30976"
    },
    {
      "name": "CVE-2021-30965",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30965"
    },
    {
      "name": "CVE-2021-30966",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30966"
    },
    {
      "name": "CVE-2021-30982",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30982"
    },
    {
      "name": "CVE-2021-30941",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30941"
    },
    {
      "name": "CVE-2021-30985",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30985"
    },
    {
      "name": "CVE-2021-30958",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30958"
    },
    {
      "name": "CVE-2021-30931",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30931"
    },
    {
      "name": "CVE-2021-30960",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30960"
    },
    {
      "name": "CVE-2021-30968",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30968"
    },
    {
      "name": "CVE-2021-30945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30945"
    },
    {
      "name": "CVE-2021-30934",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30934"
    },
    {
      "name": "CVE-2021-30947",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30947"
    },
    {
      "name": "CVE-2021-30932",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30932"
    },
    {
      "name": "CVE-2021-30979",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30979"
    },
    {
      "name": "CVE-2021-30980",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30980"
    },
    {
      "name": "CVE-2021-30973",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30973"
    },
    {
      "name": "CVE-2021-30970",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30970"
    },
    {
      "name": "CVE-2021-30996",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30996"
    },
    {
      "name": "CVE-2021-30940",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30940"
    },
    {
      "name": "CVE-2021-30954",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30954"
    },
    {
      "name": "CVE-2021-30977",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30977"
    },
    {
      "name": "CVE-2021-30942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30942"
    },
    {
      "name": "CVE-2021-30990",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30990"
    },
    {
      "name": "CVE-2021-30929",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30929"
    },
    {
      "name": "CVE-2021-30937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30937"
    },
    {
      "name": "CVE-2021-30936",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30936"
    },
    {
      "name": "CVE-2021-30975",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30975"
    },
    {
      "name": "CVE-2021-30953",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30953"
    },
    {
      "name": "CVE-2021-30952",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30952"
    },
    {
      "name": "CVE-2021-30949",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30949"
    },
    {
      "name": "CVE-2021-30926",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30926"
    },
    {
      "name": "CVE-2021-30946",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30946"
    },
    {
      "name": "CVE-2021-30991",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30991"
    },
    {
      "name": "CVE-2021-30935",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30935"
    },
    {
      "name": "CVE-2021-30938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30938"
    },
    {
      "name": "CVE-2021-30955",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30955"
    },
    {
      "name": "CVE-2021-30927",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30927"
    },
    {
      "name": "CVE-2021-30988",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30988"
    },
    {
      "name": "CVE-2021-30959",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30959"
    },
    {
      "name": "CVE-2021-30984",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30984"
    },
    {
      "name": "CVE-2021-30995",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30995"
    },
    {
      "name": "CVE-2021-30961",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30961"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-945",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-12-14T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212979 du 13 d\u00e9cembre 2021",
      "url": "https://support.apple.com/en-us/HT212979"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212981 du 13 d\u00e9cembre 2021",
      "url": "https://support.apple.com/en-us/HT212981"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212976 du 13 d\u00e9cembre 2021",
      "url": "https://support.apple.com/en-us/HT212976"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212975 du 13 d\u00e9cembre 2021",
      "url": "https://support.apple.com/en-us/HT212975"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212978 du 13 d\u00e9cembre 2021",
      "url": "https://support.apple.com/en-us/HT212978"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212980 du 13 d\u00e9cembre 2021",
      "url": "https://support.apple.com/en-us/HT212980"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-30947 (GCVE-0-2021-30947)

GSD-2021-30947

VAR-202108-1262

FKIE_CVE-2021-30947

CERTFR-2021-AVI-945

Solution

CERTFR-2021-AVI-945

Solution

Tags

Sightings

Nomenclature