Multiple Interpretations of UI Input in Apple iOS and iPadOS - CVE-2021-30948

 

Multiple Interpretations of UI Input in Apple iOS and iPadOS - CVE-2021-30948

Published: December 14, 2021


Vulnerability identifier: #VU58905
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-30948
CWE-ID: CWE-450
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Apple Inc.
Affected software:
Apple iOS
iPadOS

Detailed vulnerability description

The vulnerability allows an attacker to gain access to sensitive information.

The vulnerability exists due to an inconsistent user interface issue in Password Manager application. An attacker with physical access to device can access stored passwords without authentication.


How to mitigate CVE-2021-30948

Install updates from vendor's website.

Sources