var-202104-0597
Vulnerability from variot
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. A resource management error vulnerability exists in Apple CoreMedia that exists due to a boundary condition within the CoreMedia component in macOS. A remote attacker could create a specially crafted image, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system. Vulnerabilities exist in the following product or version: macOS Big Sur 11.0.1. Apple macOS could allow a remote malicious user to execute arbitrary code on the system, caused by an out-of-bounds read in the CoreMedia component. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-02-01-2 Additional information for APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4
iOS 14.4 and iPadOS 14.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212146.
Analytics Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2021-1761: Cees Elzinga Entry added February 1, 2021
APFS Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local user may be able to read arbitrary files Description: The issue was addressed with improved permissions logic. CVE-2021-1797: Thomas Tempelmann Entry added February 1, 2021
Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1794: Jianjun Dai of 360 Alpha Lab Entry added February 1, 2021
Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1795: Jianjun Dai of 360 Alpha Lab CVE-2021-1796: Jianjun Dai of 360 Alpha Lab Entry added February 1, 2021
Bluetooth Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker in a privileged position may be able to perform a denial of service attack Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1780: Jianjun Dai of 360 Alpha Lab Entry added February 1, 2021
CoreAnimation Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed with improved state management. CVE-2021-1760: @S0rryMybad of 360 Vulcan Team Entry added February 1, 2021
CoreAudio Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab Entry added February 1, 2021
CoreGraphics Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1776: Ivan Fratric of Google Project Zero Entry added February 1, 2021
CoreMedia Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT Entry added February 1, 2021
CoreText Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A stack overflow was addressed with improved input validation. CVE-2021-1772: Mickey Jin of Trend Micro Entry added February 1, 2021
CoreText Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021
Crash Reporter Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local user may be able to create or modify system files Description: A logic issue was addressed with improved state management. CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security Entry added February 1, 2021
Crash Reporter Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to elevate their privileges Description: Multiple issues were addressed with improved logic. CVE-2021-1787: James Hutchins Entry added February 1, 2021
FairPlay Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro Entry added February 1, 2021
FontParser Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1758: Peter Nguyen of STAR Labs Entry added February 1, 2021
ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021
ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: This issue was addressed with improved checks. CVE-2021-1766: Danny Rosseau of Carve Systems Entry added February 1, 2021
ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021
ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021
ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab Entry added February 1, 2021
ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Qi Sun of Trend Micro CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021
ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021
ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to a denial of service Description: An out-of-bounds read issue existed in the curl. CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021
ImageIO Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An access issue was addressed with improved memory management. CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab Entry added February 1, 2021
IOSkywalkFamily Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A local attacker may be able to elevate their privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba Security Entry added February 1, 2021
iTunes Store Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted URL may lead to arbitrary javascript code execution Description: A validation issue was addressed with improved input sanitization. CVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs Entry added February 1, 2021
Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause a denial of service Description: A use after free issue was addressed with improved memory management. CVE-2021-1764: Maxime Villard (@m00nbsd) Entry added February 1, 2021
Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple issues were addressed with improved logic. CVE-2021-1750: @0xalsr Entry added February 1, 2021
Kernel Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1782: an anonymous researcher
Messages Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to leak sensitive user information Description: A privacy issue existed in the handling of Contact cards. CVE-2021-1781: Csaba Fitzl (@theevilbit) of Offensive Security Entry added February 1, 2021
Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-1763: Mickey Jin of Trend Micro Entry added February 1, 2021
Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021
Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021
Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1762: Mickey Jin of Trend Micro Entry added February 1, 2021
Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro Entry added February 1, 2021
Model I/O Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1753: Mickey Jin of Trend Micro Entry added February 1, 2021
Phone Keypad Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker with physical access to a device may be able to see private contact information Description: A lock screen issue allowed access to contacts on a locked device. CVE-2021-1756: Ryan Pickren (ryanpickren.com) Entry added February 1, 2021
Swift Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A logic issue was addressed with improved validation. CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs Entry added February 1, 2021
WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1788: Francisco Alonso (@revskills) Entry added February 1, 2021
WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved state handling. CVE-2021-1789: @S0rryMybad of 360 Vulcan Team Entry added February 1, 2021
WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Maliciously crafted web content may violate iframe sandboxing policy Description: This issue was addressed with improved iframe sandbox enforcement. CVE-2021-1801: Eliya Stein of Confiant Entry added February 1, 2021
WebKit Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1871: an anonymous researcher CVE-2021-1870: an anonymous researcher
WebRTC Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed with additional port validation. CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar Entry added February 1, 2021
Additional recognition
iTunes Store We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance. Entry added February 1, 2021
Kernel We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of Trend Micro for their assistance. Entry added February 1, 2021
libpthread We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance. Entry added February 1, 2021
Mail We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) and an anonymous researcher for their assistance. Entry added February 1, 2021
Store Demo We would like to acknowledge @08Tc3wBB for their assistance. Entry added February 1, 2021
WebRTC We would like to acknowledge Philipp Hancke for their assistance. Entry added February 1, 2021
Wi-Fi We would like to acknowledge an anonymous researcher for their assistance. Entry added February 1, 2021
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgtAACgkQZcsbuWJ6 jjCK6g//dClC7Zq+dOqvuwvDa1ZMQ/R7pmp9qn2jFQsN41sf3JXSUT5AT2qhkB+W BvfgNl4JEAhdFigcuChzNWjrtQjT30Iqu/mPKF9zh8FRi5Uc0Z+UDAS4QAJcYmBl naDKY9u0SIyzxyvoK2AhfnbgAy7xsICNUiPFIV3sLS20NnKaItd/zBVCsgiMnpXD lXBJJfoJZcKzUxsHVGuh3DU9FgyS0Ypo8EAuZTPT511rco7nAqQ+RY5s8DRZ91Up BWoFQezmVQmxHGA2rwJH+RgSUOUywCNi/xLinAdNq8en4db8UtSmUcQHqaFgybBk bfWN3apPFq7vKCPbW8NI4JPBeP4WhORGH1V2jgJV8DM8Lod/Uh1yJrcZ5a4FxwCO VZKROL2UwE8T3tNYNlYoIr83FKVeMxnYhEP+xSSM3iZGtIflkcO3UtfitJlV0U26 RCavBUyxJV1aqb/3ic/WwLco7jBeOEIUkoZq7djyo8K1LrVSxZvBAUveV+Y2qvz3 UrbdDeTaTqDZ+rgQjOTcMJsvLHwzcrD8DdhgAMt9FAsVZ+dxSsqrMBNxhtc5uRyf bSTDyJc4epsC5S6IrjHaePdnv65tuIjC/JYmBvdshtp5j3aUnJUGWPhWuuhDLIjh oxMn01QVy9KvVSQs3kqot8Ai8e1hXGnzwDUHEqPQLYzEi77v8HU= =WL5N -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0597",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.2"
},
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.14"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.14.6"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.4"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.4"
},
{
"model": "tvos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "14.4"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1759"
}
]
},
"configurations": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/configurations#",
"children": {
"@container": "@list"
},
"cpe_match": {
"@container": "@list"
},
"data": {
"@container": "@list"
},
"nodes": {
"@container": "@list"
}
},
"data": [
{
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.4",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.14.6",
"versionStartIncluding": "10.14",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "10.15.7",
"versionStartIncluding": "10.15",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "11.2",
"versionStartIncluding": "11.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "14.4",
"vulnerable": true
}
],
"operator": "OR"
}
]
}
],
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1759"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "161246"
},
{
"db": "PACKETSTORM",
"id": "161247"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-102"
}
],
"trust": 0.8
},
"cve": "CVE-2021-1759",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"acInsufInfo": false,
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "NVD",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"trust": 1.0,
"userInteractionRequired": true,
"vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "COMPLETE",
"baseScore": 9.3,
"confidentialityImpact": "COMPLETE",
"exploitabilityScore": 8.6,
"id": "VHN-376419",
"impactScore": 10.0,
"integrityImpact": "COMPLETE",
"severity": "HIGH",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:C/I:C/A:C",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "NVD",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"impactScore": 5.9,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
}
],
"severity": [
{
"author": "NVD",
"id": "CVE-2021-1759",
"trust": 1.0,
"value": "HIGH"
},
{
"author": "CNNVD",
"id": "CNNVD-202102-102",
"trust": 0.6,
"value": "HIGH"
},
{
"author": "VULHUB",
"id": "VHN-376419",
"trust": 0.1,
"value": "HIGH"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376419"
},
{
"db": "NVD",
"id": "CVE-2021-1759"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-102"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. A resource management error vulnerability exists in Apple CoreMedia that exists due to a boundary condition within the CoreMedia component in macOS. A remote attacker could create a specially crafted image, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system. Vulnerabilities exist in the following product or version: macOS Big Sur 11.0.1. Apple macOS could allow a remote malicious user to execute arbitrary code on the system, caused by an out-of-bounds read in the CoreMedia component. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-02-01-2 Additional information for\nAPPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4\n\niOS 14.4 and iPadOS 14.4 addresses the following issues. Information\nabout the security content is also available at\nhttps://support.apple.com/HT212146. \n\nAnalytics\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2021-1761: Cees Elzinga\nEntry added February 1, 2021\n\nAPFS\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A local user may be able to read arbitrary files\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1797: Thomas Tempelmann\nEntry added February 1, 2021\n\nBluetooth\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1794: Jianjun Dai of 360 Alpha Lab\nEntry added February 1, 2021\n\nBluetooth\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1795: Jianjun Dai of 360 Alpha Lab\nCVE-2021-1796: Jianjun Dai of 360 Alpha Lab\nEntry added February 1, 2021\n\nBluetooth\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: An attacker in a privileged position may be able to perform a\ndenial of service attack\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1780: Jianjun Dai of 360 Alpha Lab\nEntry added February 1, 2021\n\nCoreAnimation\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A malicious application could execute arbitrary code leading\nto compromise of user information\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-1760: @S0rryMybad of 360 Vulcan Team\nEntry added February 1, 2021\n\nCoreAudio\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nCoreGraphics\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1776: Ivan Fratric of Google Project Zero\nEntry added February 1, 2021\n\nCoreMedia\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT\nEntry added February 1, 2021\n\nCoreText\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted text file may lead to\narbitrary code execution\nDescription: A stack overflow was addressed with improved input\nvalidation. \nCVE-2021-1772: Mickey Jin of Trend Micro\nEntry added February 1, 2021\n\nCoreText\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1792: Mickey Jin \u0026 Junzhi Lu of Trend Micro\nEntry added February 1, 2021\n\nCrash Reporter\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A local user may be able to create or modify system files\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added February 1, 2021\n\nCrash Reporter\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A local attacker may be able to elevate their privileges\nDescription: Multiple issues were addressed with improved logic. \nCVE-2021-1787: James Hutchins\nEntry added February 1, 2021\n\nFairPlay\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A malicious application may be able to disclose kernel memory\nDescription: An out-of-bounds read issue existed that led to the\ndisclosure of kernel memory. \nCVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun \u0026 Mickey Jin of Trend\nMicro\nEntry added February 1, 2021\n\nFontParser\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1758: Peter Nguyen of STAR Labs\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: This issue was addressed with improved checks. \nCVE-2021-1766: Danny Rosseau of Carve Systems\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause unexpected application\ntermination or arbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey\nJin \u0026 Qi Sun of Trend Micro\nCVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey\nJin \u0026 Junzhi Lu of Trend Micro\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to a denial\nof service\nDescription: An out-of-bounds read issue existed in the curl. \nCVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nImageIO\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An access issue was addressed with improved memory\nmanagement. \nCVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab\nEntry added February 1, 2021\n\nIOSkywalkFamily\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A local attacker may be able to elevate their privileges\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba\nSecurity\nEntry added February 1, 2021\n\niTunes Store\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted URL may lead to arbitrary\njavascript code execution\nDescription: A validation issue was addressed with improved input\nsanitization. \nCVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs\nEntry added February 1, 2021\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1764: Maxime Villard (@m00nbsd)\nEntry added February 1, 2021\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: Multiple issues were addressed with improved logic. \nCVE-2021-1750: @0xalsr\nEntry added February 1, 2021\n\nKernel\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A malicious application may be able to elevate privileges. \nApple is aware of a report that this issue may have been actively\nexploited. \nCVE-2021-1782: an anonymous researcher\n\nMessages\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A malicious application may be able to leak sensitive user\ninformation\nDescription: A privacy issue existed in the handling of Contact\ncards. \nCVE-2021-1781: Csaba Fitzl (@theevilbit) of Offensive Security\nEntry added February 1, 2021\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: A buffer overflow was addressed with improved bounds\nchecking. \nCVE-2021-1763: Mickey Jin of Trend Micro\nEntry added February 1, 2021\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1768: Mickey Jin \u0026 Junzhi Lu of Trend Micro\nEntry added February 1, 2021\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1745: Mickey Jin \u0026 Junzhi Lu of Trend Micro\nEntry added February 1, 2021\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted USD file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1762: Mickey Jin of Trend Micro\nEntry added February 1, 2021\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to heap\ncorruption\nDescription: This issue was addressed with improved checks. \nCVE-2021-1767: Mickey Jin \u0026 Junzhi Lu of Trend Micro\nEntry added February 1, 2021\n\nModel I/O\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-1753: Mickey Jin of Trend Micro\nEntry added February 1, 2021\n\nPhone Keypad\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: An attacker with physical access to a device may be able to\nsee private contact information\nDescription: A lock screen issue allowed access to contacts on a\nlocked device. \nCVE-2021-1756: Ryan Pickren (ryanpickren.com)\nEntry added February 1, 2021\n\nSwift\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A malicious attacker with arbitrary read and write capability\nmay be able to bypass Pointer Authentication\nDescription: A logic issue was addressed with improved validation. \nCVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs\nEntry added February 1, 2021\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1788: Francisco Alonso (@revskills)\nEntry added February 1, 2021\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-1789: @S0rryMybad of 360 Vulcan Team\nEntry added February 1, 2021\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: Maliciously crafted web content may violate iframe sandboxing\npolicy\nDescription: This issue was addressed with improved iframe sandbox\nenforcement. \nCVE-2021-1801: Eliya Stein of Confiant\nEntry added February 1, 2021\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A remote attacker may be able to cause arbitrary code\nexecution. Apple is aware of a report that this issue may have been\nactively exploited. \nCVE-2021-1871: an anonymous researcher\nCVE-2021-1870: an anonymous researcher\n\nWebRTC\nAvailable for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4\nand later, and iPod touch (7th generation)\nImpact: A malicious website may be able to access restricted ports on\narbitrary servers\nDescription: A port redirection issue was addressed with additional\nport validation. \nCVE-2021-1799: Gregory Vishnepolsky \u0026 Ben Seri of Armis Security, and\nSamy Kamkar\nEntry added February 1, 2021\n\nAdditional recognition\n\niTunes Store\nWe would like to acknowledge CodeColorist of Ant-Financial Light-Year\nLabs for their assistance. \nEntry added February 1, 2021\n\nKernel\nWe would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin \u0026 Jesse\nChange of Trend Micro for their assistance. \nEntry added February 1, 2021\n\nlibpthread\nWe would like to acknowledge CodeColorist of Ant-Financial Light-Year\nLabs for their assistance. \nEntry added February 1, 2021\n\nMail\nWe would like to acknowledge Yi\u011fit Can YILMAZ (@yilmazcanyigit) and\nan anonymous researcher for their assistance. \nEntry added February 1, 2021\n\nStore Demo\nWe would like to acknowledge @08Tc3wBB for their assistance. \nEntry added February 1, 2021\n\nWebRTC\nWe would like to acknowledge Philipp Hancke for their assistance. \nEntry added February 1, 2021\n\nWi-Fi\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added February 1, 2021\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgtAACgkQZcsbuWJ6\njjCK6g//dClC7Zq+dOqvuwvDa1ZMQ/R7pmp9qn2jFQsN41sf3JXSUT5AT2qhkB+W\nBvfgNl4JEAhdFigcuChzNWjrtQjT30Iqu/mPKF9zh8FRi5Uc0Z+UDAS4QAJcYmBl\nnaDKY9u0SIyzxyvoK2AhfnbgAy7xsICNUiPFIV3sLS20NnKaItd/zBVCsgiMnpXD\nlXBJJfoJZcKzUxsHVGuh3DU9FgyS0Ypo8EAuZTPT511rco7nAqQ+RY5s8DRZ91Up\nBWoFQezmVQmxHGA2rwJH+RgSUOUywCNi/xLinAdNq8en4db8UtSmUcQHqaFgybBk\nbfWN3apPFq7vKCPbW8NI4JPBeP4WhORGH1V2jgJV8DM8Lod/Uh1yJrcZ5a4FxwCO\nVZKROL2UwE8T3tNYNlYoIr83FKVeMxnYhEP+xSSM3iZGtIflkcO3UtfitJlV0U26\nRCavBUyxJV1aqb/3ic/WwLco7jBeOEIUkoZq7djyo8K1LrVSxZvBAUveV+Y2qvz3\nUrbdDeTaTqDZ+rgQjOTcMJsvLHwzcrD8DdhgAMt9FAsVZ+dxSsqrMBNxhtc5uRyf\nbSTDyJc4epsC5S6IrjHaePdnv65tuIjC/JYmBvdshtp5j3aUnJUGWPhWuuhDLIjh\noxMn01QVy9KvVSQs3kqot8Ai8e1hXGnzwDUHEqPQLYzEi77v8HU=\n=WL5N\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1759"
},
{
"db": "VULHUB",
"id": "VHN-376419"
},
{
"db": "VULMON",
"id": "CVE-2021-1759"
},
{
"db": "PACKETSTORM",
"id": "161246"
},
{
"db": "PACKETSTORM",
"id": "161247"
}
],
"trust": 1.26
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-376419",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376419"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-1759",
"trust": 2.0
},
{
"db": "PACKETSTORM",
"id": "161246",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.0349",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202102-102",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "161247",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-376419",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-1759",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376419"
},
{
"db": "VULMON",
"id": "CVE-2021-1759"
},
{
"db": "PACKETSTORM",
"id": "161246"
},
{
"db": "PACKETSTORM",
"id": "161247"
},
{
"db": "NVD",
"id": "CVE-2021-1759"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-102"
}
]
},
"id": "VAR-202104-0597",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-376419"
}
],
"trust": 0.01
},
"last_update_date": "2023-12-18T11:04:23.809000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "Apple CoreMedia Remediation of resource management error vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=140656"
}
],
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-102"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-125",
"trust": 1.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376419"
},
{
"db": "NVD",
"id": "CVE-2021-1759"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212146"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212147"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212149"
},
{
"trust": 0.8,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1759"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161246/apple-security-advisory-2021-02-01-2.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-34452"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0349/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1760"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1766"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1757"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1761"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1744"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1769"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1748"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1764"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1773"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1776"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1778"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1772"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1743"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1758"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1750"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1746"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1747"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1741"
},
{
"trust": 0.1,
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/195924"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212146."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1753"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1762"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1780"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1781"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1768"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1767"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1756"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1745"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1763"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1789"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1783"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1787"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1785"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1791"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1786"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212149."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1792"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1782"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1788"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376419"
},
{
"db": "VULMON",
"id": "CVE-2021-1759"
},
{
"db": "PACKETSTORM",
"id": "161246"
},
{
"db": "PACKETSTORM",
"id": "161247"
},
{
"db": "NVD",
"id": "CVE-2021-1759"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-102"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-376419"
},
{
"db": "VULMON",
"id": "CVE-2021-1759"
},
{
"db": "PACKETSTORM",
"id": "161246"
},
{
"db": "PACKETSTORM",
"id": "161247"
},
{
"db": "NVD",
"id": "CVE-2021-1759"
},
{
"db": "CNNVD",
"id": "CNNVD-202102-102"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-376419"
},
{
"date": "2021-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1759"
},
{
"date": "2021-02-02T16:08:18",
"db": "PACKETSTORM",
"id": "161246"
},
{
"date": "2021-02-02T16:08:52",
"db": "PACKETSTORM",
"id": "161247"
},
{
"date": "2021-04-02T18:15:20.127000",
"db": "NVD",
"id": "CVE-2021-1759"
},
{
"date": "2021-02-02T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-102"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-09T00:00:00",
"db": "VULHUB",
"id": "VHN-376419"
},
{
"date": "2021-04-09T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1759"
},
{
"date": "2021-04-09T19:06:40.703000",
"db": "NVD",
"id": "CVE-2021-1759"
},
{
"date": "2021-04-12T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202102-102"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-102"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple CoreMedia Buffer error vulnerability",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-102"
}
],
"trust": 0.6
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "buffer error",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202102-102"
}
],
"trust": 0.6
}
}
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.