SB2021052505 - Multiple vulnerabilities in Apple iOS and iPadOS
Published: May 25, 2021 Updated: June 3, 2022
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 43 secuirty vulnerabilities.
1) Buffer overflow (CVE-ID: CVE-2021-30707)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Audio subsystem. A remote attacker can create a specially crafted audio file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
2) Universal cross-site scripting (CVE-ID: CVE-2021-30744)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in WebKit. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
3) Out-of-bounds write (CVE-ID: CVE-2021-30725)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Model I/O. A remote attacker can create a specially crafted USD file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
4) Out-of-bounds read (CVE-ID: CVE-2021-30746)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
5) Out-of-bounds write (CVE-ID: CVE-2021-30693)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Model I/O. A remote attacker can create a specially crafted image file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
6) Out-of-bounds read (CVE-ID: CVE-2021-30695)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
7) Out-of-bounds read (CVE-ID: CVE-2021-30708)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
8) Out-of-bounds read (CVE-ID: CVE-2021-30709)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
9) Buffer overflow (CVE-ID: CVE-2021-30737)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in the ASN.1 decoder when processing TLS certificates. A remote attacker can trick the victim to visit a specially crafted website, trigger memory corruption with a specially crafted TLS certificate and execute arbitrary code on the system.
10) Use-after-free (CVE-ID: CVE-2021-21779)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
11) Out-of-bounds read (CVE-ID: CVE-2021-30692)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
12) Information disclosure (CVE-ID: CVE-2021-30682)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in webKit. A remote attacker can gain unauthorized access to sensitive user information.
13) Universal cross-site scripting (CVE-ID: CVE-2021-30689)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data in WebKit. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
14) Buffer overflow (CVE-ID: CVE-2021-30749)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content within the KeyframeEffect class in WebKit. A remote attacker can create a specially crafted web oage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
15) Buffer overflow (CVE-ID: CVE-2021-30734)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web oage, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
16) Security features bypass (CVE-ID: CVE-2021-30720)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists in WebKit due to the way the component handles links to internal resources. A remote attacker can create a specially crafted web page and trick the application to connect to arbitrary internal addresses.
17) NULL pointer dereference (CVE-ID: CVE-2021-23841)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error within the X509_issuer_and_serial_hash() function when parsing the issuer field in the X509 certificate. A remote attacker can supply a specially crafted certificate, trigger a NULL pointer dereference error and perform a denial of service (DoS) attack.
18) NULL pointer dereference (CVE-ID: CVE-2021-30698)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a NULL pointer dereference error in webRTC. A remote attacker can pass specially crafted data to the application and perform a denial of service (DoS) attack.
19) Out-of-bounds read (CVE-ID: CVE-2021-30694)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
20) Out-of-bounds read (CVE-ID: CVE-2021-30691)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
21) Out-of-bounds read (CVE-ID: CVE-2021-30685)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the AudioToolboxCore framework in Audio subsystem. A remote attacker can create a specially crafted AAC file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
22) Out-of-bounds read (CVE-ID: CVE-2021-30687)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
23) UNIX symbolic link following (CVE-ID: CVE-2021-30681)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a symlink following issue within the Core Services subsystem. A local user can create a specially crafted symbolic link to a critical file on the system and overwrite it with privileges of the application.
Successful exploitation of this vulnerability may result in privilege escalation.
24) Stack-based buffer overflow (CVE-ID: CVE-2021-30686)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition within the
USACBitstreamReader function in AudioCodecs. A remote attacker can
create a specially crafted LOAS file, trick the victim into opening it,
trigger a stack-based buffer overflow and execute arbitrary code on the system.
25) Security restrictions bypass (CVE-ID: CVE-2021-30727)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to application does not properly impose security restrictions in Crash reported component. A local application can modify protected parts of the file system.
26) Security restrictoins bypass (CVE-ID: CVE-2021-30724)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions in CVMS. A local user can bypass security restrictions and escalate privileges on the system.
27) Information disclosure (CVE-ID: CVE-2021-30697)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to excessive data output by the application in Heimdal. A local user can gain unauthorized access to sensitive user information.
28) Buffer overflow (CVE-ID: CVE-2021-30710)
The vulnerability allows a malicious application to disclose sensitive information.
The vulnerability exists due to a boundary error in Heimdal. A malicious application can trigger memory corruption and cause a denial of service or potentially disclose memory contents.
29) Out-of-bounds read (CVE-ID: CVE-2021-30700)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
30) Out-of-bounds read (CVE-ID: CVE-2021-30723)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Model I/O subsystem. A remote attacker can create a specially crafted USD file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
31) Buffer overflow (CVE-ID: CVE-2021-30701)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing image files in ImageIO. A remote attacker can create a specially crafted PICT image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
32) Out-of-bounds read (CVE-ID: CVE-2021-30705)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted ASTC file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
33) Security restrictions bypass (CVE-ID: CVE-2021-30740)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management in OS Kernel subsystem. A local user can execute arbitrary code on the system with kernel privileges.
34) Security restrictions bypass (CVE-ID: CVE-2021-30704)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to improper privilege management in OS Kernel subsystem. A local user can execute arbitrary code on the system with kernel privileges.
35) Input validation error (CVE-ID: CVE-2021-30715)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input in OS Kernel subsystem. A remote attacker can send a specially crafted message to he system and perform a denial of service (DoS) attack.
36) Buffer overflow (CVE-ID: CVE-2021-30736)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error in OS kernel subsystem. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
37) Security features bypass (CVE-ID: CVE-2021-30677)
The vulnerability allows a local application to bypass implemented security restrictions.
The vulnerability exists due to a logic issue in LaunchServices. A local application can break out of its sandbox.
38) Race condition (CVE-ID: CVE-2021-30714)
The vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to a race condition in AVEVideoEncoder. A local application can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
39) Data Handling (CVE-ID: CVE-2021-30729)
The vulnerability allows a remote attacker to perform a DoS attack.
The vulnerability exists due to a login issue in the CommCenter component. A device may accept invalid activation results, which in turn can lead to denial of service.
40) Improper access control (CVE-ID: CVE-2021-30674)
The vulnerability allows a local application to gain unauthorized access to otherwise restricted information.
The vulnerability exists due to improper access restrictions in Kernel subsystem. A local application can bypass implemented security restrictions and disclose restricted memory.
41) Use-after-free (CVE-ID: CVE-2021-30741)
The vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error when processing email messages in Mail component. A remote attacker can send a specially crafted email message, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
42) Resource management error (CVE-ID: CVE-2021-30699)
The vulnerability allows a local attacker to gain access to sensitive information.
The vulnerability exists due to improper window management within the Notes application. An attacker with physical access to device can view restricted content from the lockscreen.
43) Algorithm Downgrade (CVE-ID: CVE-2021-30667)
The vulnerability allows a remote attacker to perform MitM attack.
The vulnerability exists within the Wi-Fi component. An attacker in WiFi range may be able to force a client to use a less secure authentication mechanism.
Remediation
Install update from vendor's website.