Main Vulnerability Database Vulnerabilities #VU58904

Permissions, Privileges, and Access Controls in Apple iOS and iPadOS - CVE-2021-30932

Published: December 14, 2021

Vulnerability identifier: #VU58904

CSH Severity: Low

CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-30932

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vulnerable software:
Apple iOS
iPadOS

Software vendor:
Apple Inc.

Description

The vulnerability allows a local attacker to gain access to sensitive information.

The vulnerability exists due to incorrect permissions logic in the Notes application. An attacker with physical access to device can access contacts from the lock screen.

Remediation

Install updates from vendor's website.

External links

https://support.apple.com/en-us/HT212976

Permissions, Privileges, and Access Controls in Apple iOS and iPadOS - CVE-2021-30932

Description

Remediation

External links

Please verify you're human