CVE-2021-30870
CVE-2021-30870 is a logic issue in how Apple iOS/iPadOS handles document loads. The vulnerability stems from handling of loading HTML attachments in notes, with the root cause described as an issue in state management. It is fixed in iOS 15 and iPadOS 15. Affected behavior could allow previewing ...
CVE-2021-30867
The issue was addressed with improved authentication. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to access photo metadata without needing permission to access photos...
CVE-2021-30867
The CVE-2021-30867 issue affects Apple iOS/iPadOS and was addressed in iOS 15 / iPadOS 15. A malicious application could access photo metadata without requiring permission to access photos due to an authentication flaw. Apple states the vulnerability was fixed by improved authentication. Public r...
CVE-2021-30866
CVE-2021-30866 is an Apple privacy issue in which broadcast Wi-Fi MAC addresses were removed to prevent passive tracking. It affects tvOS 15, watchOS 8, iOS 15 and iPadOS 15, with the root cause being exposure of a device's MAC address over a Wi-Fi broadcast. The fix is the removal of the broadcast MA...
CVE-2021-30863
This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 15 and iPadOS 15. A 3D model constructed to look like the enrolled user may be able to authenticate via Face ID...
CVE-2021-30863
CVE-2021-30863 affects devices with Face ID. The issue describes a spoofing risk where a 3D model resembling the enrolled user may authenticate via Face ID. Apple fixed the vulnerability in iOS 15 and iPadOS 15 by improving Face ID anti-spoofing models. Public-facing details in the connected sour...
CVE-2021-30860
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this...
CVE-2021-30859
CVE-2021-30859 is a kernel type confusion vulnerability in Apple products. According to Apple advisories, it could allow a malicious application to execute arbitrary code with kernel/system privileges. The issue was addressed by Apple in macOS Big Sur 11.6 and Security Update 2021-005 Catalina, a...
CVE-2021-30859
A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges...
CVE-2021-30858
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited...
CVE-2021-30858
CVE-2021-30858 is a use-after-free in WebKit/WebKitGTK that could lead to arbitrary code execution when processing malicious web content. Apple patched this in iOS 14.8, iPadOS 14.8, and macOS Big Sur 11.6; Chromium/WebKit GTK ecosystems referenced the same vulnerability (WebKit/Gtk port). Some a...
CVE-2021-30855
CVE-2021-30855 is an Apple vulnerability in the Preferences component where a validation issue in the handling of symlinks could allow an application to access restricted files. The issue is addressed in Security Update 2021-005 Catalina, iOS 14.8/iPadOS 14.8 and iOS 15/iPadOS 15, watchOS 8, and ...
CVE-2021-30852
CVE-2021-30852 is a type-confusion issue in Apple’s Foundation component that can be triggered by processing malicious web content, potentially enabling arbitrary code execution. The vulnerability is addressed via memory-handling fixes and is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8,...
CVE-2021-30851
CVE-2021-30851 affects WebKitGTK and WPE WebKit. A memory corruption vulnerability could allow arbitrary code execution when processing malicious web content. Upstream fix is WebKitGTK/WebKit/WPE WebKit 2.34.1; Debian/Arch Linux advisories (DSA-4995/4996, ASA-202110-10) note remediation by upgrad...
CVE-2021-30851
A memory corruption vulnerability was addressed with improved locking. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution...
Apple macOS Buffer Error Vulnerability
Apple macOS is a suite of specialized operating systems developed by Apple Inc. for Mac computers. A buffer error vulnerability exists in several Apple products, where a malicious application may be able to execute arbitrary code with kernel privileges. The vulnerability is fixed in the followin...
Apple tvOS Security Vulnerability
Apple tvOS is a set of smart TV operating systems from the American company Apple. A security vulnerability exists in several Apple products that stems from a type confusion issue. An attacker could cause code execution via maliciously crafted web content, which is fixed in iOS 14.8 and iPadOS...