Multiple vulnerabilities in Apple iOS and iPadOS
| Risk | Critical |
| Patch available | YES |
| Number of vulnerabilities | 55 |
| CVE-ID | CVE-2021-1782 CVE-2021-1871 CVE-2021-1870 CVE-2021-1761 CVE-2021-1797 CVE-2021-1794 CVE-2021-1795 CVE-2021-1796 CVE-2021-1780 CVE-2021-1760 CVE-2021-1747 CVE-2021-1776 CVE-2021-1759 CVE-2021-1772 CVE-2021-1792 CVE-2021-1786 CVE-2021-1787 CVE-2021-1791 CVE-2021-1758 CVE-2021-1773 CVE-2021-1766 CVE-2021-1785 CVE-2021-1744 CVE-2021-1818 CVE-2021-1742 CVE-2021-1746 CVE-2021-1754 CVE-2021-1774 CVE-2021-1777 CVE-2021-1793 CVE-2021-1741 CVE-2021-1743 CVE-2021-1778 CVE-2021-1783 CVE-2021-1757 CVE-2021-1748 CVE-2021-1764 CVE-2021-1750 CVE-2021-1781 CVE-2021-1763 CVE-2021-1768 CVE-2021-1745 CVE-2021-1762 CVE-2021-1767 CVE-2021-1753 CVE-2021-1756 CVE-2021-1769 CVE-2021-1788 CVE-2021-1789 CVE-2021-1801 CVE-2021-1799 CVE-2021-1737 CVE-2021-1738 CVE-2021-1838 CVE-2021-30869 |
| CWE-ID | CWE-362 CWE-840 CWE-20 CWE-264 CWE-125 CWE-787 CWE-665 CWE-119 CWE-121 CWE-79 CWE-416 CWE-200 CWE-122 CWE-287 CWE-843 |
| Exploitation vector | Network |
| Public exploit |
Vulnerability #1 is being exploited in the wild. Vulnerability #2 is being exploited in the wild. Vulnerability #3 is being exploited in the wild. Vulnerability #49 is being exploited in the wild. Vulnerability #55 is being exploited in the wild. |
| Vulnerable software Subscribe |
Apple iOS Operating systems & Components / Operating system iPadOS Operating systems & Components / Operating system |
| Vendor | Apple Inc. |
Security Bulletin
This security bulletin contains information about 55 vulnerabilities.
1) Race condition
EUVDB-ID: #VU50045
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-1782
Exploit availability: Yes
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to a race condition in the Kernel component. A remote attacker can use a malicious application and escalate privileges on the system.
Note: The vulnerability is being actively exploited in the wild.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApple iOS: 14.0 18A373 - 14.3 18C66
iPadOS: 14.0 18A373 - 14.3 18C66
CPE2.3- cpe:2.3:o:apple:apple_ios:14.3:18C66:*:*:*:*:*:*
- cpe:2.3:o:apple:apple_ios:14.2:18B92:*:*:*:*:*:*
- cpe:2.3:o:apple:apple_ios:14.1:18A8395:*:*:*:*:*:*
- cpe:2.3:o:apple:apple_ios:14.0:18A373:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:14.3:18C66:*:*:*:*:*:*
http://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
2) Business Logic Errors
EUVDB-ID: #VU50044
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-1871
CWE-ID:
CWE-840 - Business Logic Errors (3.0)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a logic issue in the WebKit component. A remote attacker can trick a victim to visit a malicious website and execute arbitrary code on the system.
Note: The vulnerability is being actively exploited in the wild.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApple iOS: 14.0 18A373 - 14.3 18C66
iPadOS: 14.0 18A373 - 14.3 18C66
CPE2.3- cpe:2.3:o:apple:apple_ios:14.3:18C66:*:*:*:*:*:*
- cpe:2.3:o:apple:apple_ios:14.2:18B92:*:*:*:*:*:*
- cpe:2.3:o:apple:apple_ios:14.1:18A8395:*:*:*:*:*:*
- cpe:2.3:o:apple:apple_ios:14.0:18A373:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:14.3:18C66:*:*:*:*:*:*
http://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
3) Business Logic Errors
EUVDB-ID: #VU50043
Risk: Critical
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-1870
CWE-ID:
CWE-840 - Business Logic Errors (3.0)
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the system.
The vulnerability exists due to a logic issue in the WebKit component. A remote attacker can trick a victim to visit a malicious website and execute arbitrary code on the system.
Note: The vulnerability is being actively exploited in the wild.
MitigationInstall updates from vendor's website.
Vulnerable software versionsApple iOS: 14.0 18A373 - 14.3 18C66
iPadOS: 14.0 18A373 - 14.3 18C66
CPE2.3- cpe:2.3:o:apple:apple_ios:14.2:18B92:*:*:*:*:*:
- cpe:2.3:o:apple:apple_ios:14.1:18A8395:*:*:*:*:*:
- cpe:2.3:o:apple:apple_ios:14.0:18A373:*:*:*:*:*:
- cpe:2.3:o:apple:apple_ios:14.3:18C66:*:*:*:*:*:
- cpe:2.3:o:apple:ipados:14.3:18C66:*:*:*:*:*:
http://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
4) Input validation error
EUVDB-ID: #VU50178
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1761
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the Analytics component in macOS. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU50179
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1797
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to read arbitrary files on the system.
The vulnerability exists due to application does not properly impose security restrictions within the APFS component in macOS. A local user can read arbitrary files on the system.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Out-of-bounds read
EUVDB-ID: #VU53783
Risk: Low
CVSSv3.1: 3.7 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1794
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition in Bluetooth subsystem. An attacker with physical proximity to the device can send specially crafted packets to the system, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Out-of-bounds write
EUVDB-ID: #VU53784
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1795
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows an attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Bluetooth subsystem. An attacker with physical proximity to the device can trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Out-of-bounds write
EUVDB-ID: #VU53785
Risk: Low
CVSSv3.1: 5.6 [CVSS:3.1/AV:P/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1796
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows an attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input in Bluetooth subsystem. An attacker with physical proximity to the device can trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Improper Initialization
EUVDB-ID: #VU53786
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1780
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows an attacker to perform DoS attack.
The vulnerability exists due to improper initialization within the Bluetooth subsystem. An attacker with physical proximity to device can send specially crafted packets to the system and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Buffer overflow
EUVDB-ID: #VU50181
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1760
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the CoreAnimation component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Out-of-bounds write
EUVDB-ID: #VU50182
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1747
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the CoreAudio component in macOS. A remote attacker can trick the victim into visit a specially crafted website, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Out-of-bounds write
EUVDB-ID: #VU50183
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1776
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing fonts within the CoreGraphics component in macOS. A remote attacker can create a specially crafted website or document, trick the victim into opening it, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
13) Out-of-bounds read
EUVDB-ID: #VU50184
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1759
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the CoreMedia component in macOS. A remote attacker can create a specially crafted image, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
14) Stack-based buffer overflow
EUVDB-ID: #VU50185
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1772
CWE-ID:
CWE-121 - Stack-based buffer overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the CoreText component in macOS within the parsing of TTF fonts. A remote attacker can create a specially crafted text file, trick the victim into opening it, trigger a stack-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
15) Out-of-bounds read
EUVDB-ID: #VU50186
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1792
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the CoreText component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
16) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU50188
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1786
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to application does not properly impose security restrictions within the Crash Reporter component in macOS. A local user can create or modify system files and escalate privileges on the system.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
17) Input validation error
EUVDB-ID: #VU50187
Risk: Low
CVSSv3.1: 4.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1787
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a local user to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input within the Crash Reporter component in macOS. A local user can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
18) Out-of-bounds read
EUVDB-ID: #VU50191
Risk: Low
CVSSv3.1: 4.9 [CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:C/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1791
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the FairPlay component in macOS. A local application can trigger out-of-bounds read error and read contents of kernel memory.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
19) Out-of-bounds read
EUVDB-ID: #VU50195
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1758
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing font files within the FontParser component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
20) Input validation error
EUVDB-ID: #VU50199
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1773
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when processing image files within the ImageIO component in macOS. A remote attacker can pass specially crafted file to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
21) Input validation error
EUVDB-ID: #VU50203
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1766
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient validation of user-supplied input when processing image files within the ImageIO component in macOS. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
22) Out-of-bounds read
EUVDB-ID: #VU50202
Risk: Medium
CVSSv3.1: 6.2 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1785
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
23) Out-of-bounds write
EUVDB-ID: #VU50213
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1744
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
24) Buffer overflow
EUVDB-ID: #VU50204
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1818
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
25) Input validation error
EUVDB-ID: #VU50205
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1742
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
26) Input validation error
EUVDB-ID: #VU50206
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1746
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
27) Input validation error
EUVDB-ID: #VU50207
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1754
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
28) Input validation error
EUVDB-ID: #VU50208
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1774
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
29) Input validation error
EUVDB-ID: #VU50209
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1777
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
30) Input validation error
EUVDB-ID: #VU50210
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1793
CWE-ID:
CWE-20 - Improper input validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it and execute arbitrary code on the system.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
31) Out-of-bounds read
EUVDB-ID: #VU50197
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1741
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
32) Out-of-bounds read
EUVDB-ID: #VU50198
Risk: Medium
CVSSv3.1: 5.2 [CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:N/A:L/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1743
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
33) Out-of-bounds read
EUVDB-ID: #VU50200
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1778
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition when processing image files within the curl implementation in the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger out-of-bounds read error and crash the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
34) Buffer overflow
EUVDB-ID: #VU50196
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1783
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted document, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
35) Out-of-bounds read
EUVDB-ID: #VU50215
Risk: Low
CVSSv3.1: 6.8 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1757
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary condition within the IOSkywalkFamily component in macOS. A local user can run a specially crafted program to trigger out-of-bounds read error and escalate privileges on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
36) Cross-site scripting
EUVDB-ID: #VU53787
Risk: Medium
CVSSv3.1: 5.3 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1748
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within iTunes Store. A remote attacker can trick the victim to follow a specially crafted link and execute arbitrary HTML and script code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
37) Use-after-free
EUVDB-ID: #VU50217
Risk: Medium
CVSSv3.1: 5.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1764
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a use-after-free error within the kernel subsystem. A remote attacker can trick the victim to open a specially crafted file and crash the system.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
38) Permissions, Privileges, and Access Controls
EUVDB-ID: #VU50218
Risk: Low
CVSSv3.1: 7.7 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1750
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a local application to escalate privileges on the system.
The vulnerability exists due to logic error within the kernel subsystem. A local application can execute arbitrary code with kernel privileges.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
39) Information disclosure
EUVDB-ID: #VU53403
Risk: Low
CVSSv3.1: 2.9 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1781
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a local application to gain access to potentially sensitive information.
The vulnerability exists due to a privacy issue in the handling of Contact cards. A local application can gain unauthorized access to sensitive private data.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
40) Buffer overflow
EUVDB-ID: #VU50222
Risk: Low
CVSSv3.1: 5.9 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1763
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
Descriptionwhen processing untrusted input within the Model I/O component in macOS. An attacker can use a specially crafted USD file to crash the system or execute arbitrary code.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
41) Out-of-bounds read
EUVDB-ID: #VU50227
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1768
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to crash the system.
The vulnerability exists due to a boundary condition when processing USB files in the Model I/O component in macOS. A local user can insert a specially crafted USB drive, trigger out-of-bounds read error and crash the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
42) Out-of-bounds read
EUVDB-ID: #VU50225
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1745
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to crash the system.
The vulnerability exists due to a boundary condition when processing USB files in the Model I/O component in macOS. A local user can insert a specially crafted USB drive, trigger out-of-bounds read error and crash the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
43) Out-of-bounds write
EUVDB-ID: #VU50221
Risk: Low
CVSSv3.1: 6.6 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1762
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a local attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing untrusted input within the Model I/O component in macOS. An attacker can use a specially crafted USD file to crash the system or execute arbitrary code.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
44) Heap-based buffer overflow
EUVDB-ID: #VU50224
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1767
CWE-ID:
CWE-122 - Heap-based Buffer Overflow
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error within the Model I/O component in macOS. A remote attacker can pass specially crafted file, trick the victim into opening it,, trigger heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
45) Out-of-bounds read
EUVDB-ID: #VU50226
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1753
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a local user to crash the system.
The vulnerability exists due to a boundary condition when processing USB files in the Model I/O component in macOS. A local user can insert a specially crafted USB drive, trigger out-of-bounds read error and crash the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
46) Information disclosure
EUVDB-ID: #VU53788
Risk: Low
CVSSv3.1: 4 [CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1756
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows an attacker to gain access to potentially sensitive information.
The vulnerability exists due to a lock screen issue in the Phone Keypad. An attacker with physical proximity to device can access private contact information on a locked device.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. The attacker should have physical access to the system in order to successfully exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
47) Improper Authentication
EUVDB-ID: #VU50230
Risk: Low
CVSSv3.1: 3 [CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1769
CWE-ID:
CWE-287 - Improper Authentication
Exploit availability: No
DescriptionThe vulnerability allows a local user to bypass authentication process.
The vulnerability exists due to an error in when processing authentication requests within the Swift component in macOS. A local user with arbitrary read and write capability may be able to bypass Pointer Authentication.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
48) Use-after-free
EUVDB-ID: #VU50231
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1788
CWE-ID:
CWE-416 - Use After Free
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a use-after-free error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
49) Type Confusion
EUVDB-ID: #VU50234
Risk: High
CVSSv3.1: 8.4 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-1789
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a type confusion error in WebKit. A remote attacker can trick the victim to open a specially crafted website, trigger a type confusion error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
50) Security restrictions bypass
EUVDB-ID: #VU50233
Risk: Medium
CVSSv3.1: 4.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1801
CWE-ID:
CWE-264 - Permissions, Privileges, and Access Controls
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to escalate privileges on the system.
The vulnerability exists due to application does not properly impose sanboxing policy in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it and bypass implemented security restrictions.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
51) Information disclosure
EUVDB-ID: #VU50235
Risk: Medium
CVSSv3.1: 4.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1799
CWE-ID:
CWE-200 - Information exposure
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a port redirection issue in WebRTC. A remote attacker can gain unauthorized access to sensitive information, such as open ports in the local network.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
52) Out-of-bounds write
EUVDB-ID: #VU50211
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1737
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
53) Out-of-bounds write
EUVDB-ID: #VU50212
Risk: High
CVSSv3.1: 7.7 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1738
CWE-ID:
CWE-787 - Out-of-bounds write
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to compromise vulnerable system.
The vulnerability exists due to a boundary error when processing image files within the ImageIO component in macOS. A remote attacker can create a specially crafted file, trick the victim into opening it using the affected software, trigger out-of-bounds write and execute arbitrary code on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
54) Out-of-bounds read
EUVDB-ID: #VU53789
Risk: Low
CVSSv3.1: 3.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2021-1838
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the ImageIO framework. A remote attacker can create a specially crafted PICT image, trick the victim into opening it, trigger out-of-bounds read error and read contents of memory on the system.
MitigationInstall update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
55) Type Confusion
EUVDB-ID: #VU56845
Risk: High
CVSSv3.1: 8.4 [CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H/E:H/RL:O/RC:C]
CVE-ID: CVE-2021-30869
CWE-ID:
CWE-843 - Type confusion
Exploit availability: No
DescriptionThe vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a type confusion error within the XNU subsystem. A local user can run a specially crafted program to trigger a type confusion error and execute arbitrary code with elevated privileges.
Note, the vulnerability is being actively exploited in the wild.
Install update from vendor's website.
Vulnerable software versionsiPadOS: 14.0 18A373 - 14.3 18C66
Apple iOS: before 14.4 18D52
CPE2.3 External linkshttp://support.apple.com/en-us/HT212146
Q & A
Can this vulnerability be exploited remotely?
No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.
Is there known malware, which exploits this vulnerability?
Yes. This vulnerability is being exploited in the wild.
