CVE-2021-30964 (GCVE-0-2021-30964)
Vulnerability from cvelistv5 – Published: 2021-08-24 18:51 – Updated: 2024-08-03 22:48
A malicious application may be able to bypass Privacy preferences
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T22:48:14.212Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212975"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212976"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://support.apple.com/en-us/HT212978"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "watchOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "8.3",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "iOS and iPadOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "15.2",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
},
{
"product": "macOS",
"vendor": "Apple",
"versions": [
{
"lessThan": "12.1",
"status": "affected",
"version": "unspecified",
"versionType": "custom"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2. A malicious application may be able to bypass Privacy preferences."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "A malicious application may be able to bypass Privacy preferences",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-12-23T20:01:39.000Z",
"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"shortName": "apple"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212975"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212976"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://support.apple.com/en-us/HT212978"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-30964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.3"
}
]
}
},
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "15.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "12.1"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2. A malicious application may be able to bypass Privacy preferences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to bypass Privacy preferences"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212975",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212975"
},
{
"name": "https://support.apple.com/en-us/HT212976",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212976"
},
{
"name": "https://support.apple.com/en-us/HT212978",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212978"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
"assignerShortName": "apple",
"cveId": "CVE-2021-30964",
"datePublished": "2021-08-24T18:51:03.000Z",
"dateReserved": "2021-04-13T00:00:00.000Z",
"dateUpdated": "2024-08-03T22:48:14.212Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2021-30964",
"date": "2026-04-13",
"epss": "0.00178",
"percentile": "0.39324"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2021-30964\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2021-08-24T19:15:22.390\",\"lastModified\":\"2024-11-21T06:05:03.607\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2. A malicious application may be able to bypass Privacy preferences.\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de permisos heredados con restricciones adicionales.\u0026#xa0;Este problema es corregido en macOS Monterey versi\u00f3n 12.1, watchOS versi\u00f3n 8.3, iOS versi\u00f3n 15.2 e iPadOS versi\u00f3n 15.2.\u0026#xa0;Una aplicaci\u00f3n maliciosa puede omitir las preferencias de privacidad\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:N/A:N\",\"baseScore\":4.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type
\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-732\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.2\",\"matchCriteriaId\":\"CCE4E546-A0DD-4E9E-A6B9-C19B04D77466\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"15.2\",\"matchCriteriaId\":\"7FB904C1-43D1-4583-8729-5D1B1746A54C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.1\",\"matchCriteriaId\":\"88111C46-3A34-4814-B892-71EB5A9B6743\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"8.3\",\"matchCriteriaId\":\"7A7245FB-6FBE-4C09-80F5-18504CA623B3\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT212975\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212976\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212978\",\"source\":\"product-security@apple.com\"},{\"url\":\"https://support.apple.com/en-us/HT212975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/en-us/HT212976\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://support.apple.com/en-us/HT212978\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
WID-SEC-W-2022-0489
Vulnerability from csaf_certbund - Published: 2021-12-13 23:00 - Updated: 2026-03-05 23:00
{
"document": {
"aggregate_severity": {
"text": "kritisch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Das Apple iOS (vormals iPhone OS) ist das Betriebssystem f\u00fcr das von Apple entwickelte Smartphone iPhone, iPad und iPod Touch.\r\nDas Apple iPadOS ist das Betriebssystem f\u00fcr das von Apple entwickelte iPad.\r\nDas Apple iPhone ist ein Mobiltelefon mit dem Betriebssystem iOS.\r\nDas Apple iPad ist ein Tablet mit dem Betriebssystem iPadOS.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer, physischer oder lokaler Angreifer kann mehrere Schwachstellen in Apple iOS, Apple iPadOS, Apple iPhone und Apple iPad ausnutzen, um beliebigen Programmcode auszuf\u00fchren, beliebigen Programmcode mit Kernel-Privilegien auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen, Sicherheitsma\u00dfnahmen zu umgehen und Dateien zu manipulieren.",
"title": "Angriff"
},
{
"category": "general",
"text": "- iPhoneOS\n- Sonstiges",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2022-0489 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2022-0489.json"
},
{
"category": "self",
"summary": "WID-SEC-2022-0489 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2022-0489"
},
{
"category": "external",
"summary": "Apple Security Advisory vom 2021-12-13",
"url": "https://support.apple.com/en-us/HT212976"
},
{
"category": "external",
"summary": "CISA Known Exploited Vulnerabilities Catalog",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
},
{
"category": "external",
"summary": "CISA KEV CVE-2021-30952 von 2026-03-05",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"source_lang": "en-US",
"title": "Apple iOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-05T23:00:00.000+00:00",
"generator": {
"date": "2026-03-06T12:27:23.043+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2022-0489",
"initial_release_date": "2021-12-13T23:00:00.000+00:00",
"revision_history": [
{
"date": "2021-12-13T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-06-27T22:00:00.000+00:00",
"number": "2",
"summary": "Exploit aufgenommen"
},
{
"date": "2022-06-28T22:00:00.000+00:00",
"number": "3",
"summary": "Schreibfehler korrigiert"
},
{
"date": "2026-03-05T23:00:00.000+00:00",
"number": "4",
"summary": "Exploit aufgenommen CVE-2021-30952"
}
],
"status": "final",
"version": "4"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c15.2",
"product": {
"name": "Apple iOS \u003c15.2",
"product_id": "T021275"
}
},
{
"category": "product_version",
"name": "15.2",
"product": {
"name": "Apple iOS 15.2",
"product_id": "T021275-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:iphone_os:15.2"
}
}
}
],
"category": "product_name",
"name": "iOS"
},
{
"category": "product_name",
"name": "Apple iPad",
"product": {
"name": "Apple iPad",
"product_id": "130413",
"product_identification_helper": {
"cpe": "cpe:/h:apple:ipad:-"
}
}
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003c15.2",
"product": {
"name": "Apple iPadOS \u003c15.2",
"product_id": "T021276"
}
},
{
"category": "product_version",
"name": "15.2",
"product": {
"name": "Apple iPadOS 15.2",
"product_id": "T021276-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:ipados:15.2"
}
}
}
],
"category": "product_name",
"name": "iPadOS"
},
{
"category": "product_name",
"name": "Apple iPhone",
"product": {
"name": "Apple iPhone",
"product_id": "693",
"product_identification_helper": {
"cpe": "cpe:/h:apple:iphone:-"
}
}
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-30767",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30767"
},
{
"cve": "CVE-2021-30926",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30926"
},
{
"cve": "CVE-2021-30927",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30927"
},
{
"cve": "CVE-2021-30929",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30929"
},
{
"cve": "CVE-2021-30932",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30932"
},
{
"cve": "CVE-2021-30934",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30934"
},
{
"cve": "CVE-2021-30936",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30936"
},
{
"cve": "CVE-2021-30937",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30937"
},
{
"cve": "CVE-2021-30939",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30939"
},
{
"cve": "CVE-2021-30940",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30940"
},
{
"cve": "CVE-2021-30941",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30941"
},
{
"cve": "CVE-2021-30942",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30942"
},
{
"cve": "CVE-2021-30945",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30945"
},
{
"cve": "CVE-2021-30946",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30946"
},
{
"cve": "CVE-2021-30947",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30947"
},
{
"cve": "CVE-2021-30948",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30948"
},
{
"cve": "CVE-2021-30949",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30949"
},
{
"cve": "CVE-2021-30951",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30951"
},
{
"cve": "CVE-2021-30952",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30952"
},
{
"cve": "CVE-2021-30953",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30953"
},
{
"cve": "CVE-2021-30954",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30954"
},
{
"cve": "CVE-2021-30955",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30955"
},
{
"cve": "CVE-2021-30957",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30957"
},
{
"cve": "CVE-2021-30958",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30958"
},
{
"cve": "CVE-2021-30960",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30960"
},
{
"cve": "CVE-2021-30964",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30964"
},
{
"cve": "CVE-2021-30966",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30966"
},
{
"cve": "CVE-2021-30967",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30967"
},
{
"cve": "CVE-2021-30968",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30968"
},
{
"cve": "CVE-2021-30971",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30971"
},
{
"cve": "CVE-2021-30973",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30973"
},
{
"cve": "CVE-2021-30979",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30979"
},
{
"cve": "CVE-2021-30980",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30980"
},
{
"cve": "CVE-2021-30983",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30983"
},
{
"cve": "CVE-2021-30984",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30984"
},
{
"cve": "CVE-2021-30985",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30985"
},
{
"cve": "CVE-2021-30988",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30988"
},
{
"cve": "CVE-2021-30991",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30991"
},
{
"cve": "CVE-2021-30992",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30992"
},
{
"cve": "CVE-2021-30993",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30993"
},
{
"cve": "CVE-2021-30995",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30995"
},
{
"cve": "CVE-2021-30996",
"product_status": {
"known_affected": [
"693",
"130413",
"T021276",
"T021275"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30996"
}
]
}
WID-SEC-W-2026-0631
Vulnerability from csaf_certbund - Published: 2021-12-13 23:00 - Updated: 2026-03-05 23:00
{
"document": {
"aggregate_severity": {
"text": "hoch"
},
"category": "csaf_base",
"csaf_version": "2.0",
"distribution": {
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "de-DE",
"notes": [
{
"category": "legal_disclaimer",
"text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
},
{
"category": "description",
"text": "Apple macOS ist ein Betriebssystem, das auf FreeBSD und Mach basiert.",
"title": "Produktbeschreibung"
},
{
"category": "summary",
"text": "Ein entfernter, anonymer oder lokaler Angreifer kann mehrere Schwachstellen in Apple macOS ausnutzen, um beliebigen Programmcode auszuf\u00fchren, beliebigen Programmcode mit Kernel-Privilegien auszuf\u00fchren, seine Privilegien zu erweitern, vertrauliche Informationen offenzulegen, einen Denial-of-Service-Zustand zu verursachen und Sicherheitsma\u00dfnahmen zu umgehen.",
"title": "Angriff"
},
{
"category": "general",
"text": "- MacOS X",
"title": "Betroffene Betriebssysteme"
}
],
"publisher": {
"category": "other",
"contact_details": "csaf-provider@cert-bund.de",
"name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
"namespace": "https://www.bsi.bund.de"
},
"references": [
{
"category": "self",
"summary": "WID-SEC-W-2026-0631 - CSAF Version",
"url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2026-0631.json"
},
{
"category": "self",
"summary": "WID-SEC-2026-0631 - Portal Version",
"url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2026-0631"
},
{
"category": "external",
"summary": "Apple Security Advisory vom 2021-12-13",
"url": "https://support.apple.com/en-us/HT212978"
},
{
"category": "external",
"summary": "Apple Security Advisory vom 2021-12-13",
"url": "https://support.apple.com/en-us/HT212981"
},
{
"category": "external",
"summary": "Apple Security Advisory vom 2021-12-13",
"url": "https://support.apple.com/en-us/HT212979"
},
{
"category": "external",
"summary": "Microsoft 365 Defender Research Team",
"url": "https://www.microsoft.com/security/blog/2022/01/10/new-macos-vulnerability-powerdir-could-lead-to-unauthorized-user-data-access/"
},
{
"category": "external",
"summary": "CISA KEV CVE-2021-30952 von 2026-03-05",
"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog"
}
],
"source_lang": "en-US",
"title": "Apple macOS: Mehrere Schwachstellen",
"tracking": {
"current_release_date": "2026-03-05T23:00:00.000+00:00",
"generator": {
"date": "2026-03-06T12:27:25.275+00:00",
"engine": {
"name": "BSI-WID",
"version": "1.5.0"
}
},
"id": "WID-SEC-W-2026-0631",
"initial_release_date": "2021-12-13T23:00:00.000+00:00",
"revision_history": [
{
"date": "2021-12-13T23:00:00.000+00:00",
"number": "1",
"summary": "Initiale Fassung"
},
{
"date": "2022-02-24T23:00:00.000+00:00",
"number": "2",
"summary": "PoC aufgenommen"
},
{
"date": "2026-03-05T23:00:00.000+00:00",
"number": "3",
"summary": "Exploit aufgenommen CVE-2021-30952"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version_range",
"name": "Monterey \u003c12.1",
"product": {
"name": "Apple macOS Monterey \u003c12.1",
"product_id": "T021280"
}
},
{
"category": "product_version",
"name": "Monterey 12.1",
"product": {
"name": "Apple macOS Monterey 12.1",
"product_id": "T021280-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:monterey__12.1"
}
}
},
{
"category": "product_version",
"name": "Catalina",
"product": {
"name": "Apple macOS Catalina",
"product_id": "T021281",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:catalina"
}
}
},
{
"category": "product_version_range",
"name": "Big Sur \u003c11.6.2",
"product": {
"name": "Apple macOS Big Sur \u003c11.6.2",
"product_id": "T021282"
}
},
{
"category": "product_version",
"name": "Big Sur 11.6.2",
"product": {
"name": "Apple macOS Big Sur 11.6.2",
"product_id": "T021282-fixed",
"product_identification_helper": {
"cpe": "cpe:/o:apple:mac_os:big_sur__11.6.2"
}
}
}
],
"category": "product_name",
"name": "macOS"
}
],
"category": "vendor",
"name": "Apple"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-30767",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30767"
},
{
"cve": "CVE-2021-30926",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30926"
},
{
"cve": "CVE-2021-30927",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30927"
},
{
"cve": "CVE-2021-30929",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30929"
},
{
"cve": "CVE-2021-30931",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30931"
},
{
"cve": "CVE-2021-30934",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30934"
},
{
"cve": "CVE-2021-30935",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30935"
},
{
"cve": "CVE-2021-30936",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30936"
},
{
"cve": "CVE-2021-30937",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30937"
},
{
"cve": "CVE-2021-30938",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30938"
},
{
"cve": "CVE-2021-30939",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30939"
},
{
"cve": "CVE-2021-30940",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30940"
},
{
"cve": "CVE-2021-30941",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30941"
},
{
"cve": "CVE-2021-30942",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30942"
},
{
"cve": "CVE-2021-30945",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30945"
},
{
"cve": "CVE-2021-30946",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30946"
},
{
"cve": "CVE-2021-30947",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30947"
},
{
"cve": "CVE-2021-30949",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30949"
},
{
"cve": "CVE-2021-30950",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30950"
},
{
"cve": "CVE-2021-30951",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30951"
},
{
"cve": "CVE-2021-30952",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30952"
},
{
"cve": "CVE-2021-30953",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30953"
},
{
"cve": "CVE-2021-30954",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30954"
},
{
"cve": "CVE-2021-30955",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30955"
},
{
"cve": "CVE-2021-30957",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30957"
},
{
"cve": "CVE-2021-30958",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30958"
},
{
"cve": "CVE-2021-30959",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30959"
},
{
"cve": "CVE-2021-30960",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30960"
},
{
"cve": "CVE-2021-30961",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30961"
},
{
"cve": "CVE-2021-30963",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30963"
},
{
"cve": "CVE-2021-30964",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30964"
},
{
"cve": "CVE-2021-30965",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30965"
},
{
"cve": "CVE-2021-30966",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30966"
},
{
"cve": "CVE-2021-30968",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30968"
},
{
"cve": "CVE-2021-30969",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30969"
},
{
"cve": "CVE-2021-30970",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30970"
},
{
"cve": "CVE-2021-30971",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30971"
},
{
"cve": "CVE-2021-30973",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30973"
},
{
"cve": "CVE-2021-30975",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30975"
},
{
"cve": "CVE-2021-30976",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30976"
},
{
"cve": "CVE-2021-30977",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30977"
},
{
"cve": "CVE-2021-30979",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30979"
},
{
"cve": "CVE-2021-30980",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30980"
},
{
"cve": "CVE-2021-30981",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30981"
},
{
"cve": "CVE-2021-30982",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30982"
},
{
"cve": "CVE-2021-30984",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30984"
},
{
"cve": "CVE-2021-30986",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30986"
},
{
"cve": "CVE-2021-30987",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30987"
},
{
"cve": "CVE-2021-30990",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30990"
},
{
"cve": "CVE-2021-30993",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30993"
},
{
"cve": "CVE-2021-30995",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30995"
},
{
"cve": "CVE-2021-30996",
"product_status": {
"known_affected": [
"T021280",
"T021282",
"T021281"
]
},
"release_date": "2021-12-13T23:00:00.000+00:00",
"title": "CVE-2021-30996"
}
]
}
CERTFR-2021-AVI-945
Vulnerability from certfr_avis - Published: 2021-12-14 - Updated: 2021-12-14
De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
| Vendor | Product | Description |
|---|---|---|
| Apple | N/A | watchOS versions 8.x antérieures à 8.3 |
| Apple | N/A | iOS et iPadOS versions 15.x antérieures à 15.2 |
| Apple | macOS | macOS Monterey versions 12.x antérieures à 12.1 |
| Apple | macOS | macOS Big Sur versions 11.6.x antérieures à 11.6.2 |
| Apple | macOS | macOS Catalina versions antérieures à la mise à jour 2021-008 |
| Apple | N/A | tvOS versions 15.x antérieures à 15.2 |
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "watchOS versions 8.x ant\u00e9rieures \u00e0 8.3",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "iOS et iPadOS versions 15.x ant\u00e9rieures \u00e0 15.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Monterey versions 12.x ant\u00e9rieures \u00e0 12.1",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Big Sur versions 11.6.x ant\u00e9rieures \u00e0 11.6.2",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "macOS Catalina versions ant\u00e9rieures \u00e0 la mise \u00e0 jour 2021-008",
"product": {
"name": "macOS",
"vendor": {
"name": "Apple",
"scada": false
}
}
},
{
"description": "tvOS versions 15.x ant\u00e9rieures \u00e0 15.2",
"product": {
"name": "N/A",
"vendor": {
"name": "Apple",
"scada": false
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2021-30993",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30993"
},
{
"name": "CVE-2021-30983",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30983"
},
{
"name": "CVE-2021-30971",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30971"
},
{
"name": "CVE-2021-30964",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30964"
},
{
"name": "CVE-2021-30957",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30957"
},
{
"name": "CVE-2021-30981",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30981"
},
{
"name": "CVE-2021-30939",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30939"
},
{
"name": "CVE-2021-30948",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30948"
},
{
"name": "CVE-2021-30767",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30767"
},
{
"name": "CVE-2021-30987",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30987"
},
{
"name": "CVE-2021-30992",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30992"
},
{
"name": "CVE-2021-30969",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30969"
},
{
"name": "CVE-2021-30963",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30963"
},
{
"name": "CVE-2021-30967",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30967"
},
{
"name": "CVE-2021-30951",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30951"
},
{
"name": "CVE-2021-30986",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30986"
},
{
"name": "CVE-2021-30916",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30916"
},
{
"name": "CVE-2021-30950",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30950"
},
{
"name": "CVE-2021-30976",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30976"
},
{
"name": "CVE-2021-30965",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30965"
},
{
"name": "CVE-2021-30966",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30966"
},
{
"name": "CVE-2021-30982",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30982"
},
{
"name": "CVE-2021-30941",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30941"
},
{
"name": "CVE-2021-30985",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30985"
},
{
"name": "CVE-2021-30958",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30958"
},
{
"name": "CVE-2021-30931",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30931"
},
{
"name": "CVE-2021-30960",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30960"
},
{
"name": "CVE-2021-30968",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30968"
},
{
"name": "CVE-2021-30945",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30945"
},
{
"name": "CVE-2021-30934",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30934"
},
{
"name": "CVE-2021-30947",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30947"
},
{
"name": "CVE-2021-30932",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30932"
},
{
"name": "CVE-2021-30979",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30979"
},
{
"name": "CVE-2021-30980",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30980"
},
{
"name": "CVE-2021-30973",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30973"
},
{
"name": "CVE-2021-30970",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30970"
},
{
"name": "CVE-2021-30996",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30996"
},
{
"name": "CVE-2021-30940",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30940"
},
{
"name": "CVE-2021-30954",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30954"
},
{
"name": "CVE-2021-30977",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30977"
},
{
"name": "CVE-2021-30942",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30942"
},
{
"name": "CVE-2021-30990",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30990"
},
{
"name": "CVE-2021-30929",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30929"
},
{
"name": "CVE-2021-30937",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30937"
},
{
"name": "CVE-2021-30936",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30936"
},
{
"name": "CVE-2021-30975",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30975"
},
{
"name": "CVE-2021-30953",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30953"
},
{
"name": "CVE-2021-30952",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30952"
},
{
"name": "CVE-2021-30949",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30949"
},
{
"name": "CVE-2021-30926",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30926"
},
{
"name": "CVE-2021-30946",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30946"
},
{
"name": "CVE-2021-30991",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30991"
},
{
"name": "CVE-2021-30935",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30935"
},
{
"name": "CVE-2021-30938",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30938"
},
{
"name": "CVE-2021-30955",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30955"
},
{
"name": "CVE-2021-30927",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30927"
},
{
"name": "CVE-2021-30988",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30988"
},
{
"name": "CVE-2021-30959",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30959"
},
{
"name": "CVE-2021-30984",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30984"
},
{
"name": "CVE-2021-30995",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30995"
},
{
"name": "CVE-2021-30961",
"url": "https://www.cve.org/CVERecord?id=CVE-2021-30961"
}
],
"initial_release_date": "2021-12-14T00:00:00",
"last_revision_date": "2021-12-14T00:00:00",
"links": [],
"reference": "CERTFR-2021-AVI-945",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2021-12-14T00:00:00.000000"
}
],
"risks": [
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
},
{
"description": "Ex\u00e9cution de code arbitraire"
},
{
"description": "D\u00e9ni de service"
},
{
"description": "Contournement de la politique de s\u00e9curit\u00e9"
},
{
"description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
},
{
"description": "\u00c9l\u00e9vation de privil\u00e8ges"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212979 du 13 d\u00e9cembre 2021",
"url": "https://support.apple.com/en-us/HT212979"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212981 du 13 d\u00e9cembre 2021",
"url": "https://support.apple.com/en-us/HT212981"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212976 du 13 d\u00e9cembre 2021",
"url": "https://support.apple.com/en-us/HT212976"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212975 du 13 d\u00e9cembre 2021",
"url": "https://support.apple.com/en-us/HT212975"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212978 du 13 d\u00e9cembre 2021",
"url": "https://support.apple.com/en-us/HT212978"
},
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Apple HT212980 du 13 d\u00e9cembre 2021",
"url": "https://support.apple.com/en-us/HT212980"
}
]
}
GSD-2021-30964
Vulnerability from gsd - Updated: 2023-12-13 01:23
{
"GSD": {
"alias": "CVE-2021-30964",
"description": "An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2. A malicious application may be able to bypass Privacy preferences.",
"id": "GSD-2021-30964"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2021-30964"
],
"details": "An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2. A malicious application may be able to bypass Privacy preferences.",
"id": "GSD-2021-30964",
"modified": "2023-12-13T01:23:31.239161Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "product-security@apple.com",
"ID": "CVE-2021-30964",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "watchOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "8.3"
}
]
}
},
{
"product_name": "iOS and iPadOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "15.2"
}
]
}
},
{
"product_name": "macOS",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_value": "12.1"
}
]
}
}
]
},
"vendor_name": "Apple"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2. A malicious application may be able to bypass Privacy preferences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "A malicious application may be able to bypass Privacy preferences"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212975",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212975"
},
{
"name": "https://support.apple.com/en-us/HT212976",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212976"
},
{
"name": "https://support.apple.com/en-us/HT212978",
"refsource": "MISC",
"url": "https://support.apple.com/en-us/HT212978"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "15.2",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "12.1",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "8.3",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-30964"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2. A malicious application may be able to bypass Privacy preferences."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://support.apple.com/en-us/HT212975",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212975"
},
{
"name": "https://support.apple.com/en-us/HT212978",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212978"
},
{
"name": "https://support.apple.com/en-us/HT212976",
"refsource": "MISC",
"tags": [
"Vendor Advisory"
],
"url": "https://support.apple.com/en-us/HT212976"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6
}
},
"lastModifiedDate": "2021-12-29T15:19Z",
"publishedDate": "2021-08-24T19:15Z"
}
}
}
VAR-202108-1279
Vulnerability from variot - Updated: 2024-08-14 12:08
An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2. A malicious application may be able to bypass Privacy preferences. iPadOS , iOS , macOS Several Apple products, including the above, contain vulnerabilities related to improper assignment of permissions to important resources. Information may be obtained. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-12-15-6 watchOS 8.3
watchOS 8.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212975.
Audio Available for: Apple Watch Series 3 and later Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab
CFNetwork Proxies Available for: Apple Watch Series 3 and later Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations Description: A logic issue was addressed with improved state management. CVE-2021-30966: Michal Rajcan of Jamf, Matt Vlasach of Jamf (Wandera)
ColorSync Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. CVE-2021-30926: Jeremy Brown CVE-2021-30942: Mateusz Jurczyk of Google Project Zero
CoreAudio Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab
CoreAudio Available for: Apple Watch Series 3 and later Impact: Playing a malicious audio file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab
Crash Reporter Available for: Apple Watch Series 3 and later Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)
ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30916: Zweig of Kunlun Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption vulnerability was addressed with improved locking. CVE-2021-30937: Sergei Glazunov of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A use after free issue was addressed with improved memory management. CVE-2021-30927: Xinru Chi of Pangu Lab CVE-2021-30980: Xinru Chi of Pangu Lab
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30949: Ian Beer of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero
Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2021-30955: Zweig of Kunlun Lab
Preferences Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to elevate privileges Description: A race condition was addressed with improved state handling. CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security
Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass certain Privacy preferences Description: A logic issue was addressed with improved restrictions. CVE-2021-30946: @gorelics
Sandbox Available for: Apple Watch Series 3 and later Impact: An application may be able to access a user's files Description: An access issue was addressed with additional sandbox restrictions. CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security
TCC Available for: Apple Watch Series 3 and later Impact: A local user may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30767: @gorelics
TCC Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to bypass Privacy preferences Description: An inherited permissions issue was addressed with additional restrictions. CVE-2021-30964: Andy Grant of Zoom Video Communications
WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30934: Dani Biro
WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-30936: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab CVE-2021-30951: Pangu
WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2021-30952: WeBin
WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A race condition was addressed with improved state handling. CVE-2021-30984: Kunlun Lab
WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30953: VRIJ
WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2021-30954: Kunlun Lab
Additional recognition
Bluetooth We would like to acknowledge Haram Park, Korea University for their assistance.
ColorSync We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance.
Contacts We would like to acknowledge Minchan Park (03stin) for their assistance.
Kernel We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance.
WebKit We would like to acknowledge Peter Snyder of Brave and Soroush Karami for their assistance.
Installation note:
Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641
To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About".
Alternatively, on your watch, select "My Watch > General > About".
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p rhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn wkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1 eG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh TL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj t1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+ wlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz xnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS rwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj FPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj zn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI 1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+ -----END PGP SIGNATURE-----
{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1279",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.1"
},
{
"model": "ipados",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "iphone os",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "15.2"
},
{
"model": "watchos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "8.3"
},
{
"model": "watchos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "8.3"
},
{
"model": "macos",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ipados",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "ios",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021136"
},
{
"db": "NVD",
"id": "CVE-2021-30964"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "165359"
}
],
"trust": 0.1
},
"cve": "CVE-2021-30964",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-30964",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-390697",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-30964",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-30964",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30964",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-30964",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-2066",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-390697",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390697"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021136"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2066"
},
{
"db": "NVD",
"id": "CVE-2021-30964"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2. A malicious application may be able to bypass Privacy preferences. iPadOS , iOS , macOS Several Apple products, including the above, contain vulnerabilities related to improper assignment of permissions to important resources.Information may be obtained. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-12-15-6 watchOS 8.3\n\nwatchOS 8.3 addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212975. \n\nAudio\nAvailable for: Apple Watch Series 3 and later\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork Proxies\nAvailable for: Apple Watch Series 3 and later\nImpact: User traffic might unexpectedly be leaked to a proxy server\ndespite PAC configurations\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30966: Michal Rajcan of Jamf, Matt Vlasach of Jamf (Wandera)\n\nColorSync\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue in the processing of ICC\nprofiles was addressed with improved input validation. \nCVE-2021-30926: Jeremy Brown\nCVE-2021-30942: Mateusz Jurczyk of Google Project Zero\n\nCoreAudio\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a maliciously crafted audio file may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. 
\nCVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab\n\nCoreAudio\nAvailable for: Apple Watch Series 3 and later\nImpact: Playing a malicious audio file may lead to arbitrary code\nexecution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab\n\nCrash Reporter\nAvailable for: Apple Watch Series 3 and later\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nImageIO\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab, Mickey Jin (@patch1t) of Trend Micro\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30916: Zweig of Kunlun Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption vulnerability was addressed with\nimproved locking. \nCVE-2021-30937: Sergei Glazunov of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A use after free issue was addressed with improved\nmemory management. 
\nCVE-2021-30927: Xinru Chi of Pangu Lab\nCVE-2021-30980: Xinru Chi of Pangu Lab\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30949: Ian Beer of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: An attacker in a privileged network position may be able to\nexecute arbitrary code\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero\n\nKernel\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30955: Zweig of Kunlun Lab\n\nPreferences\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to elevate privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin\n(@patch1t)\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A validation issue related to hard link behavior was\naddressed with improved sandbox restrictions. \nCVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: A logic issue was addressed with improved restrictions. \nCVE-2021-30946: @gorelics\n\nSandbox\nAvailable for: Apple Watch Series 3 and later\nImpact: An application may be able to access a user\u0027s files\nDescription: An access issue was addressed with additional sandbox\nrestrictions. 
\nCVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30767: @gorelics\n\nTCC\nAvailable for: Apple Watch Series 3 and later\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: An inherited permissions issue was addressed with\nadditional restrictions. \nCVE-2021-30964: Andy Grant of Zoom Video Communications\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30934: Dani Biro\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-30936: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua\nwingtecher lab\nCVE-2021-30951: Pangu\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-30952: WeBin\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30984: Kunlun Lab\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. 
\nCVE-2021-30953: VRIJ\n\nWebKit\nAvailable for: Apple Watch Series 3 and later\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A type confusion issue was addressed with improved\nmemory handling. \nCVE-2021-30954: Kunlun Lab\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge Haram Park, Korea University for their\nassistance. \n\nColorSync\nWe would like to acknowledge Mateusz Jurczyk of Google Project Zero\nfor their assistance. \n\nContacts\nWe would like to acknowledge Minchan Park (03stin) for their\nassistance. \n\nKernel\nWe would like to acknowledge Amit Klein of Bar-Ilan University\u0027s\nCenter for Research in Applied Cryptography and Cyber Security for\ntheir assistance. \n\nWebKit\nWe would like to acknowledge Peter Snyder of Brave and Soroush Karami\nfor their assistance. \n\nInstallation note:\n\nInstructions on how to update your Apple Watch software are\navailable at https://support.apple.com/kb/HT204641\n\nTo check the version on your Apple Watch, open the Apple Watch app\non your iPhone and select \"My Watch \u003e General \u003e About\". \n\nAlternatively, on your watch, select \"My Watch \u003e General \u003e About\". 
\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmG6UnYACgkQeC9qKD1p\nrhj6SQ//YijQ31LlBeSJC1QfKKY86KApE/FiGxuNG04YGeLBujsOxrfRw/xmd9Xn\nwkBGmpHOrtguoNYjANNXwFBornC3wk7nse8kND8nEv7HYO8zxAa5lMDjGtuO1SY1\neG4mUeWVEAw6Avzt7Y/2sFi6nK5ft6PzWJaBKc6GU4pipGxptrdPLohow8KLu4Xh\nTL60gUilkVWlvgEbVrI3AYmxeKdkdrJdAU+caGTZUUzWHJfzIOLkb4o1143OQfqj\nt1vJrA6Hy43fQdU/ceJi1n/DR4N+Xg9kWyEXI6+06m0Ss41QcWfMwEks7dT/zIG+\nwlLR+00WO7VdCwHt5x/bz09YzdGWgoOUz5xNicqI0idyHmELtxlnYhXez48+j2Xz\nxnzdfOoCp9E7bXBOQa2bKZqffNmYMGK1hR1tcgF+3gsmz9Zz+huAG2VBNjVByYaS\nrwfvG7WhhbNc9qzm3fykvgq8NF7Z1G7RKNKPPzhG7QIAC5s4S0wemw1voy53yvmj\nFPisKbj/AT2+qUoOuYODNTMOJje0OcfnjoKdWrN63xIOPWShSfIx4bhjIHy3ASwj\nzn94MyzNhrVGOwoRXC+uQu0f/cdSUGx8L7XdHLp0sjAPMsrqE3X+RuMOFYtds7aI\n1TwxV/lhKMX5VzOcPeBASRRbXNWYs6mIXKAHBGTKcNkIR0djZOk=onN+\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30964"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021136"
},
{
"db": "VULHUB",
"id": "VHN-390697"
},
{
"db": "VULMON",
"id": "CVE-2021-30964"
},
{
"db": "PACKETSTORM",
"id": "165359"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30964",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "165359",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021136",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.4260",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021121434",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2066",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-390697",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30964",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390697"
},
{
"db": "VULMON",
"id": "CVE-2021-30964"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021136"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2066"
},
{
"db": "NVD",
"id": "CVE-2021-30964"
}
]
},
"id": "VAR-202108-1279",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390697"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:08:10.814000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212976 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT212975"
},
{
"title": "Apple iOS and iPadOS Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176530"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021136"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2066"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-732",
"trust": 1.1
},
{
"problemtype": "Improper permission assignment for critical resources (CWE-732) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390697"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021136"
},
{
"db": "NVD",
"id": "CVE-2021-30964"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.3,
"url": "https://support.apple.com/en-us/ht212976"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212975"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212978"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30964"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.4260"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165359/apple-security-advisory-2021-12-15-6.html"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37064"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021121434"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30966"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30936"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30926"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30984"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30957"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30953"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30958"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30960"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30952"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30927"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht204641"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30945"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30939"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30955"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30951"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30937"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30954"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30934"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30968"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30980"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212975."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30949"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30767"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30947"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30942"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390697"
},
{
"db": "VULMON",
"id": "CVE-2021-30964"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021136"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2066"
},
{
"db": "NVD",
"id": "CVE-2021-30964"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390697"
},
{
"db": "VULMON",
"id": "CVE-2021-30964"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021136"
},
{
"db": "PACKETSTORM",
"id": "165359"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2066"
},
{
"db": "NVD",
"id": "CVE-2021-30964"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390697"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30964"
},
{
"date": "2024-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021136"
},
{
"date": "2021-12-17T19:20:06",
"db": "PACKETSTORM",
"id": "165359"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2066"
},
{
"date": "2021-08-24T19:15:22.390000",
"db": "NVD",
"id": "CVE-2021-30964"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-12-29T00:00:00",
"db": "VULHUB",
"id": "VHN-390697"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30964"
},
{
"date": "2024-07-18T01:44:00",
"db": "JVNDB",
"id": "JVNDB-2021-021136"
},
{
"date": "2021-12-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2066"
},
{
"date": "2023-11-07T03:34:05.330000",
"db": "NVD",
"id": "CVE-2021-30964"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2066"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Vulnerabilities related to improper assignment of permissions to critical resources in multiple Apple products",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021136"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2066"
}
],
"trust": 0.6
}
}
FKIE_CVE-2021-30964
Vulnerability from fkie_nvd - Published: 2021-08-24 19:15 - Updated: 2024-11-21 06:05
| URL | Tags | ||
|---|---|---|---|
| product-security@apple.com | https://support.apple.com/en-us/HT212975 | ||
| product-security@apple.com | https://support.apple.com/en-us/HT212976 | ||
| product-security@apple.com | https://support.apple.com/en-us/HT212978 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT212975 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT212976 | ||
| af854a3a-2127-422b-91ae-364da2661108 | https://support.apple.com/en-us/HT212978 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCE4E546-A0DD-4E9E-A6B9-C19B04D77466",
"versionEndExcluding": "15.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB904C1-43D1-4583-8729-5D1B1746A54C",
"versionEndExcluding": "15.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "88111C46-3A34-4814-B892-71EB5A9B6743",
"versionEndExcluding": "12.1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A7245FB-6FBE-4C09-80F5-18504CA623B3",
"versionEndExcluding": "8.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2. A malicious application may be able to bypass Privacy preferences."
},
{
"lang": "es",
"value": "Se abord\u00f3 un problema de permisos heredados con restricciones adicionales.\u0026#xa0;Este problema es corregido en macOS Monterey versi\u00f3n 12.1, watchOS versi\u00f3n 8.3, iOS versi\u00f3n 15.2 e iPadOS versi\u00f3n 15.2.\u0026#xa0;Una aplicaci\u00f3n maliciosa puede omitir las preferencias de privacidad"
}
],
"id": "CVE-2021-30964",
"lastModified": "2024-11-21T06:05:03.607",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-24T19:15:22.390",
"references": [
{
"source": "product-security@apple.com",
"url": "https://support.apple.com/en-us/HT212975"
},
{
"source": "product-security@apple.com",
"url": "https://support.apple.com/en-us/HT212976"
},
{
"source": "product-security@apple.com",
"url": "https://support.apple.com/en-us/HT212978"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/en-us/HT212975"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/en-us/HT212976"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://support.apple.com/en-us/HT212978"
}
],
"sourceIdentifier": "product-security@apple.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Sightings
| Author | Source | Type | Date |
|---|---|---|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.