SB2021052503 - Multiple vulnerabilities in Apple tvOS 




Published: May 25, 2021
Updated: November 11, 2021

Security Bulletin ID: SB2021052503
Severity: Critical
Patch available: YES
Number of vulnerabilities: 26
Exploitation vector: Remote access
Highest impact: Code execution

Breakdown by Severity

Critical 8% High 27% Medium 31% Low 35%

Description

This security bulletin contains information about 26 security vulnerabilities.


1) Buffer overflow (CVE-ID: CVE-2021-30707)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the Audio subsystem. A remote attacker can create a specially crafted audio file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


2) Buffer overflow (CVE-ID: CVE-2021-30736)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to a boundary error in the OS kernel subsystem. A local user can run a specially crafted program to trigger memory corruption and execute arbitrary code with elevated privileges.


3) Integer overflow (CVE-ID: CVE-2021-30663)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to an integer overflow in WebKit. A remote attacker can create a specially crafted web page, trick the victim into visiting it, trigger an integer overflow and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note: the vulnerability is being actively exploited in the wild.


4) Security features bypass (CVE-ID: CVE-2021-30720)

The vulnerability allows a remote attacker to gain access to sensitive information.

The vulnerability exists in WebKit due to the way the component handles links to internal resources. A remote attacker can create a specially crafted web page and trick the application into connecting to arbitrary internal addresses.


5) Buffer overflow (CVE-ID: CVE-2021-30734)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


6) Buffer overflow (CVE-ID: CVE-2021-30749)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing HTML content within the KeyframeEffect class in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


7) Universal cross-site scripting (CVE-ID: CVE-2021-30689)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in WebKit. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


8) Information disclosure (CVE-ID: CVE-2021-30682)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in WebKit. A remote attacker can gain unauthorized access to sensitive user information.


9) Use-after-free (CVE-ID: CVE-2021-21779)

The vulnerability allows a remote attacker to compromise the vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise the vulnerable system.


10) Universal cross-site scripting (CVE-ID: CVE-2021-30744)

The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data in WebKit. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of the vulnerable website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.


11) Buffer overflow (CVE-ID: CVE-2021-30665)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in WebKit. A remote attacker can create a specially crafted web page, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.

Note: the vulnerability is being actively exploited in the wild.


12) Buffer overflow (CVE-ID: CVE-2021-30737)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error in the ASN.1 decoder when processing TLS certificates. A remote attacker can trick the victim into visiting a specially crafted website, trigger memory corruption with a specially crafted TLS certificate and execute arbitrary code on the system.


13) Security features bypass (CVE-ID: CVE-2021-30677)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists due to a logic issue in LaunchServices. A local application can break out of its sandbox.


14) Input validation error (CVE-ID: CVE-2021-30715)

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to insufficient validation of user-supplied input in the OS Kernel subsystem. A remote attacker can send a specially crafted message to the system and perform a denial of service (DoS) attack.


15) Out-of-bounds read (CVE-ID: CVE-2021-30685)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition within the AudioToolboxCore framework in the Audio subsystem. A remote attacker can create a specially crafted AAC file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.


16) Security restrictions bypass (CVE-ID: CVE-2021-30704)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper privilege management in the OS Kernel subsystem. A local user can execute arbitrary code on the system with kernel privileges.


17) Security restrictions bypass (CVE-ID: CVE-2021-30740)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists due to improper privilege management in the OS Kernel subsystem. A local user can execute arbitrary code on the system with kernel privileges.


18) Out-of-bounds read (CVE-ID: CVE-2021-30705)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted ASTC file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.


19) Buffer overflow (CVE-ID: CVE-2021-30701)

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing image files in ImageIO. A remote attacker can create a specially crafted PICT image file, trick the victim into opening it, trigger memory corruption and execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of the vulnerable system.


20) Out-of-bounds read (CVE-ID: CVE-2021-30700)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.


21) Out-of-bounds read (CVE-ID: CVE-2021-30687)

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to a boundary condition in ImageIO. A remote attacker can create a specially crafted file, trick the victim into opening it, trigger an out-of-bounds read error and read contents of memory on the system.


22) Buffer overflow (CVE-ID: CVE-2021-30710)

The vulnerability allows a malicious application to disclose sensitive information.

The vulnerability exists due to a boundary error in Heimdal. A malicious application can trigger memory corruption and cause a denial of service or potentially disclose memory contents.


23) Information disclosure (CVE-ID: CVE-2021-30697)

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists due to excessive data output by the application in Heimdal. A local user can gain unauthorized access to sensitive user information.


24) Security restrictions bypass (CVE-ID: CVE-2021-30724)

The vulnerability allows a local user to escalate privileges on the system.

The vulnerability exists because the application does not properly impose security restrictions in CVMS. A local user can bypass security restrictions and escalate privileges on the system.


25) Security restrictions bypass (CVE-ID: CVE-2021-30727)

The vulnerability allows a local application to bypass implemented security restrictions.

The vulnerability exists because the application does not properly impose security restrictions in the Crash Reporter component. A local application can modify protected parts of the file system.


26) Stack-based buffer overflow (CVE-ID: CVE-2021-30686)

The vulnerability allows a remote attacker to compromise the affected system.

The vulnerability exists due to a boundary condition within the USACBitstreamReader function in AudioCodecs. A remote attacker can create a specially crafted LOAS file, trick the victim into opening it, trigger a stack-based buffer overflow and execute arbitrary code on the system.


Remediation

Install the update from the vendor's website.