SB2021042807 - Multiple vulnerabilities in Apple tvOS
Published: April 28, 2021
Description
This security bulletin contains information about 35 security vulnerabilities.
1) Improper Verification of Cryptographic Signature (CVE-ID: CVE-2021-1849)
The vulnerability allows a malicious application to bypass implemented security restrictions.
The vulnerability exists due to improper signature validation within the AppleMobileFileIntegrity component. A malicious application can bypass Privacy preferences.
2) Input validation error (CVE-ID: CVE-2021-1740)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of directory paths. A local user can modify protected parts of the filesystem.
3) Out-of-bounds read (CVE-ID: CVE-2021-30660)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the kernel. A local user can run a specially crafted program to trigger an out-of-bounds read error and read the contents of kernel memory on the system.
4) Race condition (CVE-ID: CVE-2021-30652)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a race condition within the libxpc library. A local user can exploit the race and gain unauthorized access to sensitive information and escalate privileges on the system.
5) Double Free (CVE-ID: CVE-2021-1875)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a double free error when processing files within the libxslt library. A remote attacker can trick the victim into opening a specially crafted file, trigger heap corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
6) Insecure Inherited Permissions (CVE-ID: CVE-2021-1822)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within the MobileInstallation component. A local user can modify protected parts of the file system and escalate privileges.
7) Input validation error (CVE-ID: CVE-2021-1815)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of directory paths. A local user can modify protected parts of the filesystem.
8) Input validation error (CVE-ID: CVE-2021-1739)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to insufficient validation of directory paths. A local user can modify protected parts of the filesystem.
9) Security restrictions bypass (CVE-ID: CVE-2021-1868)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the Tailspin component does not properly impose security restrictions. A local user can escalate privileges on the system.
10) Buffer overflow (CVE-ID: CVE-2021-1851)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the macOS kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with kernel privileges.
11) Buffer overflow (CVE-ID: CVE-2021-1844)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing web content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
12) Universal cross-site scripting (CVE-ID: CVE-2021-1825)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
13) Buffer overflow (CVE-ID: CVE-2021-1817)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error when processing web content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger memory corruption and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
14) Universal cross-site scripting (CVE-ID: CVE-2021-1826)
The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data within WebKit. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.
15) Improper Initialization (CVE-ID: CVE-2021-1820)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper memory initialization in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it and disclose the contents of process memory.
16) Use-after-free (CVE-ID: CVE-2021-30661)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error when processing web content within the WebKit Storage component. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Note that the vulnerability is being actively exploited in the wild.
17) Insecure Inherited Permissions (CVE-ID: CVE-2021-1832)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists within the kernel component, as copied files may not have the expected file permissions. A local user can abuse such behavior to elevate privileges on the system.
18) Buffer overflow (CVE-ID: CVE-2021-1816)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the OS kernel. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.
19) Security restriction bypass (CVE-ID: CVE-2021-1836)
The vulnerability allows a local user to bypass intended security restrictions.
The vulnerability exists within the Assets component. A local user is able to create or modify privileged files.
20) Buffer overflow (CVE-ID: CVE-2021-1882)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists due to a boundary error within the Foundation component. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code on the system with root privileges.
21) Out-of-bounds read (CVE-ID: CVE-2021-1808)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the Audio component. A local user can run a specially crafted program to trigger an out-of-bounds read error and read the contents of memory on the system.
22) Improper Initialization (CVE-ID: CVE-2021-1857)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to improper initialization within the CFNetwork component when processing crafted web content. A remote attacker can trick the victim into opening a specially crafted web page, trigger memory corruption and gain access to sensitive information.
23) Out-of-bounds read (CVE-ID: CVE-2021-1846)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the CoreAudio component. A remote attacker can create a specially crafted audio file, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.
24) Out-of-bounds read (CVE-ID: CVE-2021-1809)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the CoreAudio component. A local user can run a specially crafted program to trigger an out-of-bounds read error and read the contents of memory on the system.
25) Out-of-bounds read (CVE-ID: CVE-2021-1811)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the CoreText component when processing specially crafted font files. A remote attacker can create a specially crafted font file, trick the victim into opening a document or a web page that contains the malicious font, trigger an out-of-bounds read error and read the contents of memory on the system.
26) Out-of-bounds write (CVE-ID: CVE-2021-1881)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a boundary error when processing font files within the GetFDIndex function in libFontParser. A remote attacker can create a specially crafted OTF font, trick the victim into opening a document or a web page that contains the malicious font, trigger an out-of-bounds write and execute arbitrary code on the target system.
27) Security restrictions bypass (CVE-ID: CVE-2021-1813)
The vulnerability allows a local user to escalate privileges on the system.
The vulnerability exists because the Foundation component does not properly impose security restrictions. A local user can run a specially crafted program to escalate privileges on the system.
28) Out-of-bounds read (CVE-ID: CVE-2021-1860)
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the macOS kernel. A local user can run a specially crafted program to trigger an out-of-bounds read error and read the contents of memory on the system.
29) Heap-based buffer overflow (CVE-ID: CVE-2021-1883)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error in Heimdal when processing server messages. A remote attacker can trick the user into connecting to a malicious server, send a specially crafted message, trigger a heap-based buffer overflow and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.
30) Race condition (CVE-ID: CVE-2021-1884)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a race condition in Heimdal. A remote attacker can crash the application.
31) Out-of-bounds read (CVE-ID: CVE-2021-1885)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to a boundary condition within the ImageIO component. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and execute arbitrary code on the system.
32) Input validation error (CVE-ID: CVE-2021-30653)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the ImageIO component. A remote attacker can trick the victim into opening a specially crafted image and execute arbitrary code on the system.
33) Input validation error (CVE-ID: CVE-2021-1843)
The vulnerability allows a remote attacker to compromise the affected system.
The vulnerability exists due to insufficient validation of user-supplied input within the ImageIO component. A remote attacker can create a specially crafted image, trick the victim into opening it and execute arbitrary code on the system.
34) Out-of-bounds read (CVE-ID: CVE-2021-1858)
The vulnerability allows a remote attacker to gain access to potentially sensitive information.
The vulnerability exists due to a boundary condition within the DecodeRow function in ImageIO. A remote attacker can create a specially crafted KTX image, trick the victim into opening it, trigger an out-of-bounds read error and read the contents of memory on the system.
35) Use-after-free (CVE-ID: CVE-2021-1864)
The vulnerability allows a remote attacker to compromise the vulnerable system.
The vulnerability exists due to a use-after-free error when processing JavaScript in the iTunes Store. A remote attacker can use specially crafted JavaScript to trigger a use-after-free error and execute arbitrary code on the system.
Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.
Remediation
Install the update from the vendor's website.