var-202110-0945
Vulnerability from variot
A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8. A remote attacker may be able to cause arbitrary code execution. iOS and iPadOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8
iOS 14.8 and iPadOS 14.8 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212807.
Bluetooth Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30820: Jianjun Dai of Qihoo 360 Alpha Lab Entry added September 20, 2021
CoreGraphics Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: An integer overflow was addressed with improved input validation. CVE-2021-30860: The Citizen Lab
FontParser Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab Entry added September 20, 2021
Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30857: Zweig of Kunlun Lab Entry added September 20, 2021
Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2021-30859: Apple Entry added September 20, 2021
libexpat Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed by updating expat to version 2.4.1. CVE-2013-0340: an anonymous researcher Entry added September 20, 2021
Preferences Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An application may be able to access restricted files Description: A validation issue existed in the handling of symlinks. CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Entry added September 20, 2021
WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30858: an anonymous researcher
WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30848: Sergei Glazunov of Google Project Zero Entry added September 20, 2021
WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30849: Sergei Glazunov of Google Project Zero Entry added September 20, 2021
WebKit Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30846: Sergei Glazunov of Google Project Zero Entry added September 20, 2021
Additional recognition
CoreML We would like to acknowledge hjy79425575 working with Trend Micro Zero Day Initiative for their assistance. Entry added September 20, 2021
Installation note:
This update is available through iTunes and Software Update on your iOS device, and will not appear in your computer's Software Update application, or in the Apple Downloads site. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated: * Navigate to Settings * Select General * Select About * The version after applying this update will be "14.8"
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI884ACgkQeC9qKD1p rhg8fw/+JL/Emgqw3tIeloZ6nl7RotrzBEJ8U0jvOfyHvYRKkcvgD0Oc+puZ+eY7 ngiUivHqvlVz3wDO4o1GHN5Ml1rveIxHttUWxLvY6dsG2G4X9p1AqHnDy2fB0Rqx 13L19SsxP4fLI/PcDP3wNjeiZwH7hzJTVNGLQdWw93DNbUA9zUcyLHPBLVspjXl+ g/61E+4uznJD0TtmyqU041BLiqbrBSnD2WCFFbm6NT4FIz3yHta65CvKtLDZPjHt ckP5uORsyHy8vwtcuY0x4Wpfq1bNjV47tiVqrGUn2M2QAyfukGLXUAE85D/nxD/a VDKor1EU+l+nHA21rzPXj7YSXCiJke/VwajWuspz0biMcOuc/+3Xl/WLONA2mHuf eTAIAGNP8UNQ/ZVZzD9d/m5kirHeqHn4rmC+0vYZv7gC3/UsAD5MqFXpCXtuPUu6 D5pDYp4wB56zv9ZFe9EcsomRLLsp3ubWGOq/FExD4Pi0W++kY6F68W2Voh9xSnaN a9RcvGqZMbTdaIGOB698qWvaRNvXCrNbQzT9K+63CM7NComXnaW5FdtsVMjRLArT 3T4m2UsRnWmi6A1cD06hdpuZNT5hs27iGO0srSH+GypfOHS2BHITPizuJjIpQ37M /Q8bAJn6KoL8RKdOf36oBXtGBiXvA0OXPjWdrh44oW8Wnlx5NU0= =vNXl -----END PGP SIGNATURE-----
Show details on source website{ "@context": { "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#", "affected_products": { "@id": "https://www.variotdbs.pl/ref/affected_products" }, "configurations": { "@id": "https://www.variotdbs.pl/ref/configurations" }, "credits": { "@id": "https://www.variotdbs.pl/ref/credits" }, "cvss": { "@id": "https://www.variotdbs.pl/ref/cvss/" }, "description": { "@id": "https://www.variotdbs.pl/ref/description/" }, "exploit_availability": { "@id": "https://www.variotdbs.pl/ref/exploit_availability/" }, "external_ids": { "@id": "https://www.variotdbs.pl/ref/external_ids/" }, "iot": { "@id": "https://www.variotdbs.pl/ref/iot/" }, "iot_taxonomy": { "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/" }, "patch": { "@id": "https://www.variotdbs.pl/ref/patch/" }, "problemtype_data": { "@id": "https://www.variotdbs.pl/ref/problemtype_data/" }, "references": { "@id": "https://www.variotdbs.pl/ref/references/" }, "sources": { "@id": "https://www.variotdbs.pl/ref/sources/" }, "sources_release_date": { "@id": "https://www.variotdbs.pl/ref/sources_release_date/" }, "sources_update_date": { "@id": "https://www.variotdbs.pl/ref/sources_update_date/" }, "threat_type": { "@id": "https://www.variotdbs.pl/ref/threat_type/" }, "title": { "@id": "https://www.variotdbs.pl/ref/title/" }, "type": { "@id": "https://www.variotdbs.pl/ref/type/" } }, "@id": "https://www.variotdbs.pl/vuln/VAR-202110-0945", "affected_products": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/affected_products#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "model": "ipados", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "14.8" }, { "model": "iphone os", "scope": "lt", "trust": 1.0, "vendor": "apple", "version": "14.8" }, { "model": "ipados", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null }, { "model": "ios", "scope": null, "trust": 0.8, "vendor": "\u30a2\u30c3\u30d7\u30eb", "version": null } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-013787" }, { "db": "NVD", "id": "CVE-2021-30820" } ] }, "configurations": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/configurations#", "children": { "@container": "@list" }, "cpe_match": { "@container": "@list" }, "data": { "@container": "@list" }, "nodes": { "@container": "@list" } }, "data": [ { "CVE_data_version": "4.0", "nodes": [ { "children": [], "cpe_match": [ { "cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.8", "vulnerable": true }, { "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "cpe_name": [], "versionEndExcluding": "14.8", "vulnerable": true } ], "operator": "OR" } ] } ], "sources": [ { "db": "NVD", "id": "CVE-2021-30820" } ] }, "credits": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/credits#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "Apple", "sources": [ { "db": "PACKETSTORM", "id": "164242" } ], "trust": 0.1 }, "cve": "CVE-2021-30820", "cvss": { "@context": { "cvssV2": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2" }, "cvssV3": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#" }, "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/" }, "severity": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/cvss/severity#" }, "@id": "https://www.variotdbs.pl/ref/cvss/severity" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" }, "@id": "https://www.variotdbs.pl/ref/sources" } }, "data": [ { "cvssV2": [ { "acInsufInfo": false, "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "NVD", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "impactScore": 6.4, "integrityImpact": "PARTIAL", "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "severity": "HIGH", "trust": 1.0, "userInteractionRequired": false, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "acInsufInfo": null, "accessComplexity": "Low", "accessVector": "Network", "authentication": "None", "author": "NVD", "availabilityImpact": "Partial", "baseScore": 7.5, "confidentialityImpact": "Partial", "exploitabilityScore": null, "id": "CVE-2021-30820", "impactScore": null, "integrityImpact": "Partial", "obtainAllPrivilege": null, "obtainOtherPrivilege": null, "obtainUserPrivilege": null, "severity": "High", "trust": 0.8, "userInteractionRequired": null, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0" }, { "accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "author": "VULHUB", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "exploitabilityScore": 10.0, "id": "VHN-390553", "impactScore": 6.4, "integrityImpact": "PARTIAL", "severity": "HIGH", "trust": 0.1, "vectorString": "AV:N/AC:L/AU:N/C:P/I:P/A:P", "version": "2.0" } ], "cvssV3": [ { "attackComplexity": "LOW", "attackVector": "NETWORK", "author": "NVD", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "exploitabilityScore": 3.9, "impactScore": 5.9, "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "trust": 1.0, "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1" }, { "attackComplexity": "Low", "attackVector": "Network", "author": "NVD", "availabilityImpact": "High", "baseScore": 9.8, "baseSeverity": "Critical", "confidentialityImpact": "High", "exploitabilityScore": null, "id": "CVE-2021-30820", "impactScore": null, "integrityImpact": "High", "privilegesRequired": "None", "scope": "Unchanged", "trust": 0.8, "userInteraction": "None", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0" } ], "severity": [ { "author": "NVD", "id": "CVE-2021-30820", "trust": 1.8, "value": "CRITICAL" }, { "author": "CNNVD", "id": "CNNVD-202109-1288", "trust": 0.6, "value": "CRITICAL" }, { "author": "VULHUB", "id": "VHN-390553", "trust": 0.1, "value": "HIGH" } ] } ], "sources": [ { "db": "VULHUB", "id": "VHN-390553" }, { "db": "JVNDB", "id": "JVNDB-2021-013787" }, { "db": "NVD", "id": "CVE-2021-30820" }, { "db": "CNNVD", "id": "CNNVD-202109-1288" } ] }, "description": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/description#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8. A remote attacker may be able to cause arbitrary code execution. iOS and iPadOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-6 Additional information for\nAPPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8\n\niOS 14.8 and iPadOS 14.8 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212807. \n\nBluetooth\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote attacker may be able to cause arbitrary code\nexecution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30820: Jianjun Dai of Qihoo 360 Alpha Lab\nEntry added September 20, 2021\n\nCoreGraphics\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted PDF may lead to arbitrary\ncode execution. Apple is aware of a report that this issue may have\nbeen actively exploited. \nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-30860: The Citizen Lab\n\nFontParser\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing a maliciously crafted dfont file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2021-30857: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-30859: Apple\nEntry added September 20, 2021\n\nlibexpat\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed by updating expat to version\n2.4.1. \nCVE-2013-0340: an anonymous researcher\nEntry added September 20, 2021\n\nPreferences\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: An application may be able to access restricted files\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nEntry added September 20, 2021\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution. Apple is aware of a report that this issue\nmay have been actively exploited. \nCVE-2021-30858: an anonymous researcher\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to code\nexecution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30848: Sergei Glazunov of Google Project Zero\nEntry added September 20, 2021\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: Multiple memory corruption issues were addressed with\nimproved memory handling. \nCVE-2021-30849: Sergei Glazunov of Google Project Zero\nEntry added September 20, 2021\n\nWebKit\nAvailable for: iPhone 6s and later, iPad Pro (all models), iPad Air 2\nand later, iPad 5th generation and later, iPad mini 4 and later, and\niPod touch (7th generation)\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30846: Sergei Glazunov of Google Project Zero\nEntry added September 20, 2021\n\nAdditional recognition\n\nCoreML\nWe would like to acknowledge hjy79425575 working with Trend Micro\nZero Day Initiative for their assistance. \nEntry added September 20, 2021\n\nInstallation note:\n\nThis update is available through iTunes and Software Update on your\niOS device, and will not appear in your computer\u0027s Software Update\napplication, or in the Apple Downloads site. Make sure you have an\nInternet connection and have installed the latest version of iTunes\nfrom https://www.apple.com/itunes/\n\niTunes and Software Update on the device will automatically check\nApple\u0027s update server on its weekly schedule. When an update is\ndetected, it is downloaded and the option to be installed is\npresented to the user when the iOS device is docked. We recommend\napplying the update immediately if possible. Selecting Don\u0027t Install\nwill present the option the next time you connect your iOS device. \nThe automatic update process may take up to a week depending on the\nday that iTunes or the device checks for updates. You may manually\nobtain the update via the Check for Updates button within iTunes, or\nthe Software Update on your device. \n\nTo check that the iPhone, iPod touch, or iPad has been updated:\n* Navigate to Settings\n* Select General\n* Select About\n* The version after applying this update will be \"14.8\"\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI884ACgkQeC9qKD1p\nrhg8fw/+JL/Emgqw3tIeloZ6nl7RotrzBEJ8U0jvOfyHvYRKkcvgD0Oc+puZ+eY7\nngiUivHqvlVz3wDO4o1GHN5Ml1rveIxHttUWxLvY6dsG2G4X9p1AqHnDy2fB0Rqx\n13L19SsxP4fLI/PcDP3wNjeiZwH7hzJTVNGLQdWw93DNbUA9zUcyLHPBLVspjXl+\ng/61E+4uznJD0TtmyqU041BLiqbrBSnD2WCFFbm6NT4FIz3yHta65CvKtLDZPjHt\nckP5uORsyHy8vwtcuY0x4Wpfq1bNjV47tiVqrGUn2M2QAyfukGLXUAE85D/nxD/a\nVDKor1EU+l+nHA21rzPXj7YSXCiJke/VwajWuspz0biMcOuc/+3Xl/WLONA2mHuf\neTAIAGNP8UNQ/ZVZzD9d/m5kirHeqHn4rmC+0vYZv7gC3/UsAD5MqFXpCXtuPUu6\nD5pDYp4wB56zv9ZFe9EcsomRLLsp3ubWGOq/FExD4Pi0W++kY6F68W2Voh9xSnaN\na9RcvGqZMbTdaIGOB698qWvaRNvXCrNbQzT9K+63CM7NComXnaW5FdtsVMjRLArT\n3T4m2UsRnWmi6A1cD06hdpuZNT5hs27iGO0srSH+GypfOHS2BHITPizuJjIpQ37M\n/Q8bAJn6KoL8RKdOf36oBXtGBiXvA0OXPjWdrh44oW8Wnlx5NU0=\n=vNXl\n-----END PGP SIGNATURE-----\n\n\n\n", "sources": [ { "db": "NVD", "id": "CVE-2021-30820" }, { "db": "JVNDB", "id": "JVNDB-2021-013787" }, { "db": "VULHUB", "id": "VHN-390553" }, { "db": "VULMON", "id": "CVE-2021-30820" }, { "db": "PACKETSTORM", "id": "164242" } ], "trust": 1.89 }, "external_ids": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/external_ids#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "db": "NVD", "id": "CVE-2021-30820", "trust": 3.5 }, { "db": "JVNDB", "id": "JVNDB-2021-013787", "trust": 0.8 }, { "db": "PACKETSTORM", "id": "164242", "trust": 0.7 }, { "db": "AUSCERT", "id": "ESB-2021.3099.2", "trust": 0.6 }, { "db": "CNNVD", "id": "CNNVD-202109-1288", "trust": 0.6 }, { "db": "VULHUB", "id": "VHN-390553", "trust": 0.1 }, { "db": "VULMON", "id": "CVE-2021-30820", "trust": 0.1 } ], "sources": [ { "db": "VULHUB", "id": "VHN-390553" }, { "db": "VULMON", "id": "CVE-2021-30820" }, { "db": "JVNDB", "id": "JVNDB-2021-013787" }, { "db": "PACKETSTORM", "id": "164242" }, { "db": "NVD", "id": "CVE-2021-30820" }, { "db": "CNNVD", "id": "CNNVD-202109-1288" } ] }, "id": "VAR-202110-0945", "iot": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/iot#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": true, "sources": [ { "db": "VULHUB", "id": "VHN-390553" } ], "trust": 0.01 }, "last_update_date": "2023-12-18T10:55:18.285000Z", "patch": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/patch#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "title": "HT212807 Apple\u00a0 Security update", "trust": 0.8, "url": "https://support.apple.com/en-us/ht212807" }, { "title": "Apple iPadOS Security vulnerabilities", "trust": 0.6, "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=166691" } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-013787" }, { "db": "CNNVD", "id": "CNNVD-202109-1288" } ] }, "problemtype_data": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "problemtype": "NVD-CWE-noinfo", "trust": 1.0 }, { "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]", "trust": 0.8 } ], "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-013787" }, { "db": "NVD", "id": "CVE-2021-30820" } ] }, "references": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/references#", "data": { "@container": "@list" }, "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": [ { "trust": 1.7, "url": "https://support.apple.com/en-us/ht212807" }, { "trust": 1.5, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30820" }, { "trust": 0.6, "url": "https://packetstormsecurity.com/files/164242/apple-security-advisory-2021-09-20-6.html" }, { "trust": 0.6, "url": "https://www.auscert.org.au/bulletins/esb-2021.3099.2" }, { "trust": 0.6, "url": "https://vigilance.fr/vulnerability/apple-ios-macos-multiple-vulnerabilities-36461" }, { "trust": 0.1, "url": "http://seclists.org/fulldisclosure/2021/sep/38" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0340" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30858" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30841" }, { "trust": 0.1, "url": "https://www.apple.com/itunes/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30855" }, { "trust": 0.1, "url": "https://support.apple.com/kb/ht201222" }, { "trust": 0.1, "url": "https://www.apple.com/support/security/pgp/" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30843" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30849" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30848" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30857" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30859" }, { "trust": 0.1, "url": "https://support.apple.com/ht212807." }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30842" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30860" }, { "trust": 0.1, "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30846" } ], "sources": [ { "db": "VULHUB", "id": "VHN-390553" }, { "db": "VULMON", "id": "CVE-2021-30820" }, { "db": "JVNDB", "id": "JVNDB-2021-013787" }, { "db": "PACKETSTORM", "id": "164242" }, { "db": "NVD", "id": "CVE-2021-30820" }, { "db": "CNNVD", "id": "CNNVD-202109-1288" } ] }, "sources": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#", "data": { "@container": "@list" } }, "data": [ { "db": "VULHUB", "id": "VHN-390553" }, { "db": "VULMON", "id": "CVE-2021-30820" }, { "db": "JVNDB", "id": "JVNDB-2021-013787" }, { "db": "PACKETSTORM", "id": "164242" }, { "db": "NVD", "id": "CVE-2021-30820" }, { "db": "CNNVD", "id": "CNNVD-202109-1288" } ] }, "sources_release_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-10-19T00:00:00", "db": "VULHUB", "id": "VHN-390553" }, { "date": "2022-09-28T00:00:00", "db": "JVNDB", "id": "JVNDB-2021-013787" }, { "date": "2021-09-22T16:30:10", "db": "PACKETSTORM", "id": "164242" }, { "date": "2021-10-19T14:15:08.577000", "db": "NVD", "id": "CVE-2021-30820" }, { "date": "2021-09-20T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-1288" } ] }, "sources_update_date": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#", "data": { "@container": "@list" } }, "data": [ { "date": "2021-10-20T00:00:00", "db": "VULHUB", "id": "VHN-390553" }, { "date": "2022-09-28T01:56:00", "db": "JVNDB", "id": "JVNDB-2021-013787" }, { "date": "2021-10-20T21:56:25.897000", "db": "NVD", "id": "CVE-2021-30820" }, { "date": "2021-10-22T00:00:00", "db": "CNNVD", "id": "CNNVD-202109-1288" } ] }, "threat_type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/threat_type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "remote", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-1288" } ], "trust": 0.6 }, "title": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/title#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "iOS\u00a0 and \u00a0iPadOS\u00a0 Vulnerability in", "sources": [ { "db": "JVNDB", "id": "JVNDB-2021-013787" } ], "trust": 0.8 }, "type": { "@context": { "@vocab": "https://www.variotdbs.pl/ref/type#", "sources": { "@container": "@list", "@context": { "@vocab": "https://www.variotdbs.pl/ref/sources#" } } }, "data": "other", "sources": [ { "db": "CNNVD", "id": "CNNVD-202109-1288" } ], "trust": 0.6 } }
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.