Improper Initialization in Apple iOS and iPadOS - CVE-2021-1780

 

Improper Initialization in Apple iOS and iPadOS - CVE-2021-1780

Published: June 3, 2021


Vulnerability identifier: #VU53786
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1780
CWE-ID: CWE-665
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Apple Inc.
Affected software:
Apple iOS
iPadOS

Detailed vulnerability description

The vulnerability allows an attacker to perform DoS attack.

The vulnerability exists due to improper initialization within the Bluetooth subsystem. An attacker with physical proximity to device can send specially crafted packets to the system and perform a denial of service (DoS) attack.


How to mitigate CVE-2021-1780

Install updates from vendor's website.

Sources