Multiple Interpretations of UI Input in Apple iOS and iPadOS - CVE-2021-30948
Published: December 14, 2021
Vulnerability identifier: #VU58905
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2021-30948
CWE-ID: CWE-450
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
Apple iOS
iPadOS
Apple iOS
iPadOS
Detailed vulnerability description
The vulnerability allows an attacker to gain access to sensitive information.
The vulnerability exists due to an inconsistent user interface issue in Password Manager application. An attacker with physical access to device can access stored passwords without authentication.
How to mitigate CVE-2021-30948
Install updates from vendor's website.