Improper Initialization in Apple iOS and iPadOS - CVE-2021-1780
Published: June 3, 2021
Vulnerability identifier: #VU53786
CSH Severity: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1780
CWE-ID: CWE-665
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Apple iOS
iPadOS
Apple iOS
iPadOS
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows an attacker to perform DoS attack.
The vulnerability exists due to improper initialization within the Bluetooth subsystem. An attacker with physical proximity to device can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Remediation
Install updates from vendor's website.