Risk | Critical |
Patch available | YES |
Number of vulnerabilities | 50 |
CVE-ID | CVE-2021-1835 CVE-2021-1740 CVE-2021-1860 CVE-2021-1832 CVE-2021-30660 CVE-2021-30652 CVE-2021-1875 CVE-2021-1815 CVE-2021-1739 CVE-2021-1868 CVE-2021-1825 CVE-2021-1817 CVE-2021-1826 CVE-2021-1820 CVE-2021-30661 CVE-2020-7463 CVE-2021-1851 CVE-2021-1837 CVE-2021-1881 CVE-2021-1867 CVE-2021-1849 CVE-2021-1836 CVE-2021-1808 CVE-2021-1857 CVE-2021-1846 CVE-2021-1809 CVE-2021-30659 CVE-2021-1811 CVE-2021-1872 CVE-2021-1882 CVE-2021-1813 CVE-2021-30656 CVE-2021-1883 CVE-2021-1884 CVE-2021-1885 CVE-2021-30653 CVE-2021-1843 CVE-2021-1858 CVE-2021-1864 CVE-2021-1822 CVE-2021-1816 CVE-2021-1807 CVE-2021-1830 CVE-2021-1852 CVE-2021-1877 CVE-2021-1874 CVE-2021-1848 CVE-2021-1854 CVE-2021-1831 CVE-2021-1865 |
CWE-ID | CWE-264 CWE-20 CWE-125 CWE-277 CWE-362 CWE-415 CWE-79 CWE-119 CWE-665 CWE-416 CWE-295 CWE-787 CWE-347 CWE-200 CWE-399 CWE-122 |
Exploitation vector | Network |
Public exploit | Vulnerability #15 is being exploited in the wild. |
Vulnerable software Subscribe |
iPadOS Operating systems & Components / Operating system Apple iOS Operating systems & Components / Operating system |
Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains information about 50 vulnerabilities.
Updated: 28.04.2021
Added vulnerabilities #43-50.
EUVDB-ID: #VU52677
Risk: Low
CVSSv3.1: 2.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1835
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists within the Accessibility feature. An attacker with physical access to device can access notes from the lock screen.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52627
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1740
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The
vulnerability exists due to insufficient validation of directory paths.
A local user can modify protected parts of the filesystem.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52617
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1860
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within macOS kernel. A local user can run a specially crafted program to trigger an out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52666
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1832
CWE-ID:
CWE-277 - Insecure inherited permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within the kernel component, as copied files may not have the expected file permissions. A local user can abuse such behavior to elevate privileges on the system.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52667
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30660
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within kernel. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of kernel memory on the system.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52621
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30652
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the libxpc library. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52622
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1875
CWE-ID:
CWE-415 - Double Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a double free error when processing files within the libxslt library. A remote attacker can trick the victim to open a specially crafted file, trigger heap corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52669
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1815
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of directory paths. A local user can modify protected parts of the filesystem.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52626
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1739
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of directory paths. A local user can modify protected parts of the filesystem.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52630
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1868
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the Tailspin component does not properly impose security restrictions. A local user can escalate privileges on the system.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52643
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1825
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52674
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1817
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing web content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52672
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1826
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within WebKit. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52673
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1820
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper memory initialization in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it and disclose contents of process memory.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52652
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-30661
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing web content within the WebKit Storage component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
EUVDB-ID: #VU46227
Risk: Low
CVSSv3.1: 5.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-7463
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error when processing SCTP messages. A local user can send large user messages from multiple threads on the same socket., trigger a use-after-free error and crash the system.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52619
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1851
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within macOS kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with kernel privileges.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52678
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:A/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1837
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists due to improper certificate validation in App Store. A remote attacker on a privileged network position can intercept network traffic and perform MitM attack.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the local network (LAN).
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52609
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1881
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing font files within the GetFDIndex function in libFontParser. A remote attacker can create a specially crafted OTF font, trick the victim into a document of a web page with the malicious font, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52648
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1867
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
Description The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error when processing untrusted input within the Apple Neural Engine component. A local application can trigger an out-of-bounds read and execute arbitrary code on the target system with kernel privileges.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52647
Risk: Low
CVSSv3.1: 3.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1849
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a malicious application to bypass implemented security restrictions.
The vulnerability exists due to improper signature validation with in the AppleMobileFileIntegrity component. A malicious application can bypass Privacy preferences.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52679
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1836
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass intended security restrictions.
The vulnerability exists within Assets component. A local user is able to create or modify privileged files.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52599
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1808
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Audio component. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52600
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1857
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper initialization within the CFNetwork component when processing crafted web content. A remote attacker can trick the victim to open a specially crafted webpage, trigger memory corruption and gain access to sensitive information.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52654
Risk: Medium
CVSSv3.1: 4.6 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1846
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the CoreAudio component. A remote attacker can create a specially crafted audio file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52603
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1809
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the CoreAudio component. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52655
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30659
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a validation issue within the CoreFoundation component. A malicious application can gain unauthorized access to sensitive information on the system.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52605
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1811
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the CoreText component when processing specially crafted font files. A remote attacker can create a specially crafted font file, trick the victim into opening a document or a web page that contains the malicious font, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52656
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1872
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper management of internal resources within FaceTime when muting a CallKit call, which results in muting not being enabled while ringing. A remote attacker can eavesdrop on conversation.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52614
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1882
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Foundation component. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with root privileges.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52612
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1813
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to the Foundation component does not properly impose security restrictions. A local user can run a specially crafted program to escalate privileges on the system.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52681
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30656
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to sensitive information.
The vulnerability exists in GPU driver. A local application can determine kernel memory layout.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52657
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1883
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Heimdal when processing server messages. A remote attacker can trick the user to connect to a malicious server, send a specially crafted message, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52658
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1884
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform denial of service (DoS) attack.
The vulnerability exists due to a race condition in Heimdal. A remote attacker can crash the application.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52662
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1885
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition within the ImageIO component. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and execute arbitrary code on the system.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52660
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-30653
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the ImageIO component A remote attacker can trick the victim to open a specially crafted image and execute arbitrary code on the system.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52615
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1843
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the ImageIO component. A remote attacker can create a specially crafted image, trick the victim into opening it and execute arbitrary code on the system.
Install update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52663
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1858
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the DecodeRow function in ImageIO. A remote attacker can create a specially crafted KTX image, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52682
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1864
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing JavaScript in iTunes Store. A remote attacker can use a specially crafted JavaScript to trigger use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
iPadOS: 14.0 18A373 - 14.4.2 18D70
Apple iOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52684
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1822
CWE-ID:
CWE-277 - Insecure inherited permissions
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within the MobileInstallation component. A local user can modify protected parts of the file system and escalate privileges.
Install updates from vendor's website.
Vulnerable software versionsApple iOS: 14.0 18A373 - 14.4.2 18D70
iPadOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52683
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1816
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within OS kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
Install updates from vendor's website.
Vulnerable software versionsApple iOS: 14.0 18A373 - 14.4.2 18D70
iPadOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52685
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1807
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to write arbitrary files.
The vulnerability exists due to insufficient validation of user-supplied input. A local user can write arbitrary files to the system.
Install updates from vendor's website.
Vulnerable software versionsApple iOS: 14.0 18A373 - 14.4.2 18D70
iPadOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52697
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1830
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the kernel subsystem. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApple iOS: 14.0 18A373 - 14.4.2 18D70
iPadOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52696
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1852
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the kernel subsystem. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApple iOS: 14.0 18A373 - 14.4.2 18D70
iPadOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52695
Risk: Low
CVSSv3.1: 3.3 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1877
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the kernel subsystem. A local user can run a specially crafted program to trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApple iOS: 14.0 18A373 - 14.4.2 18D70
iPadOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52698
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1874
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to system does not properly impose security restrictions, which leads to security restrictions bypass and privilege escalation.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApple iOS: 14.0 18A373 - 14.4.2 18D70
iPadOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52703
Risk: Low
CVSSv3.1: 2.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1848
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists within the Wallet component. A local user can view sensitive information in the app switcher.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApple iOS: 14.0 18A373 - 14.4.2 18D70
iPadOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52702
Risk: Low
CVSSv3.1: 3.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1854
CWE-ID:
CWE-399 - Resource Management Errors
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass gain access to sensitive information.
The vulnerability exists due to the way incoming calls are handled. A legacy cellular network can automatically answer an incoming call when an ongoing call ends or drops.
Install updates from vendor's website.
Vulnerable software versionsApple iOS: 14.0 18A373 - 14.4.2 18D70
iPadOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52701
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1831
CWE-ID: N/A
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists due to the way shortcuts are handled by the system. A local user can create shortcuts to restricted files and access them.
Install updates from vendor's website.
Vulnerable software versionsApple iOS: 14.0 18A373 - 14.4.2 18D70
iPadOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
EUVDB-ID: #VU52700
Risk: Low
CVSSv3.1: 2.1 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1865
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in the Password Manager component that allows to view user's passwords on screen. An attacker with physical proximity to the device can eavesdrop on victim's passwords.
Install updates from vendor's website.
Vulnerable software versionsApple iOS: 14.0 18A373 - 14.4.2 18D70
iPadOS: 14.0 18A373 - 14.4.2 18D70
CPE2.3http://support.apple.com/en-us/HT212317
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.