#VU56067 Integer overflow in Apple iOS and iPadOS


Published: 2021-12-26 | Updated: 2021-12-30

Vulnerability identifier: #VU56067

Vulnerability risk: Critical

CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]

CVE-ID: CVE-2021-30860

CWE-ID: CWE-190

Exploitation vector: Network

Exploit availability: Yes

Vulnerable software:
Apple iOS
Operating systems & Components / Operating system
iPadOS
Operating systems & Components / Operating system

Vendor: Apple Inc.

Description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when processing PDF files within the CoreGraphics component. A remote attacker can trick the victim to open a specially crafted PDF file, trigger integer overflow and execute arbitrary code on the target system.

Note, the vulnerability is being active exploited in-the-wild via the FORCEDENTRY tool against Bahraini activists.

Mitigation
Install update from vendor's website.

Vulnerable software versions

Apple iOS: 14.7 18G69 - 14.7.1 18G82, 14.5 18E199 - 14.5.1 18E212, 14.2 18B92 - 14.2.1 18B121, 14.0 18A373 - 14.0.1 18A393, 14.4 18D52 - 14.4.2 18D70

iPadOS: 14.0 18A373 - 14.7.1 18G82

External links
http://citizenlab.ca/2021/08/bahrain-hacks-activists-with-nso-group-zero-click-iphone-exploits/
http://support.apple.com/en-us/HT212807

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.


Latest bulletins with this vulnerability


Multiple vulnerabilities in Oracle Solaris
Gentoo update for Poppler
Slackware Linux update for poppler
Multiple vulnerabilities in Apple iOS 12
Remote code execution in Apple watchOS
Remote code execution in Apple macOS Catalina
Multiple vulnerabilities in Apple macOS Big Sur
Remote code execution in Apple iOS