Lucene search

Ipad Os Security Vulnerabilities - July

cve

CVE-2021-1863

An issue existed with authenticating the action triggered by an NFC tag. The issue was addressed with improved action authentication. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to place phone calls to any phone number.

2.4CVSS

3.1AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-1864

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code.

9.8CVSS

8.3AI Score

0.004EPSS

2021-09-08 03:15 PM

cve

CVE-2021-1865

An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen.

5CVSS

5.1AI Score

0.0004EPSS

2021-09-08 03:15 PM

cve

CVE-2021-1867

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, macOS Big Sur 11.3. A malicious application may be able to execute arbitrary code with kernel privileges.

8.8CVSS

8.1AI Score

0.003EPSS

2021-09-08 03:15 PM

cve

CVE-2021-1868

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local attacker may be able to elevate their privileges.

7.8CVSS

7AI Score

0.0004EPSS

2021-09-08 03:15 PM

cve

CVE-2021-1870

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issu...

9.8CVSS

8.6AI Score

0.017EPSS

2021-04-02 07:15 PM

1108

In Wild

cve

CVE-2021-1871

9.8CVSS

8.6AI Score

0.012EPSS

2021-04-02 07:15 PM

1107

In Wild

cve

CVE-2021-1872

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. Muting a CallKit call while ringing may not result in mute being enabled.

4.3CVSS

5.1AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-1874

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.5 and iPadOS 14.5. An application may be able to execute arbitrary code with kernel privileges.

8.8CVSS

8AI Score

0.002EPSS

2021-09-08 03:15 PM

cve

CVE-2021-1875

A double free issue was addressed with improved memory management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted file may lead to heap corruption.

7.8CVSS

7.3AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-1877

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5. A local user may be able to read kernel memory.

5.5CVSS

4.9AI Score

0.0004EPSS

2021-09-08 03:15 PM

cve

CVE-2021-1879

This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been active...

6.1CVSS

6AI Score

0.002EPSS

2021-04-02 07:15 PM

971

In Wild

cve

CVE-2021-1881

An out-of-bounds read was addressed with improved input validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing a maliciously crafted font file may lead to arbitrary code ...

7.8CVSS

8AI Score

0.002EPSS

2021-09-08 03:15 PM

cve

CVE-2021-1882

A memory corruption issue was addressed with improved validation. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An application may be able to gain elevated privileges.

9.8CVSS

8.2AI Score

0.005EPSS

2021-09-08 03:15 PM

cve

CVE-2021-1883

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted server messages may lead to heap corruption.

5.5CVSS

5.8AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-1884

A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, Security Update 2021-003 Catalina, tvOS 14.5, macOS Big Sur 11.3. A remote attacker may be able to cause a denial of service.

5.9CVSS

6AI Score

0.012EPSS

2021-09-08 03:15 PM

cve

CVE-2021-1885

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution.

7.8CVSS

8AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30652

A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to gain root privileges.

7CVSS

7AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30653

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted image may lead to arbitrary code execution.

7.8CVSS

8AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30656

An access issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5. A malicious application may be able to determine kernel memory layout.

5.5CVSS

5AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30659

A validation issue was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, macOS Big Sur 11.3. A malicious application may be able to leak sensitive user information.

6.5CVSS

6.1AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30660

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to disclose kernel memory.

7.5CVSS

6.8AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30661

A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report tha...

8.8CVSS

9.1AI Score

0.006EPSS

2021-09-08 03:15 PM

1268

In Wild

cve

CVE-2021-30662

This issue was addressed with improved checks. This issue is fixed in iOS 14.5 and iPadOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution.

7.3CVSS

6.9AI Score

0.01EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30664

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. Processing a maliciously crafted file may lead to arbitrary code execution.

7.8CVSS

8.1AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30667

A logic issue was addressed with improved validation. This issue is fixed in iOS 14.6 and iPadOS 14.6. An attacker in WiFi range may be able to force a client to use a less secure authentication mechanism.

5.4CVSS

5AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30674

This issue was addressed with improved checks. This issue is fixed in iOS 14.6 and iPadOS 14.6. A malicious application may disclose restricted memory.

5.5CVSS

5AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30677

This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to break out of its sandbox.

8.8CVSS

7.5AI Score

0.0004EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30681

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be...

7.8CVSS

7.2AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30682

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information.

5.5CVSS

5.6AI Score

0.001EPSS

2021-09-08 03:15 PM

166

cve

CVE-2021-30685

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Parsing a maliciously crafted audio file may lead to disclosure of user information.

5.5CVSS

5.4AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30686

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted audio file may disclose restricted memory.

5.5CVSS

5.5AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30687

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to disclosure of user i...

5.5CVSS

5.7AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30689

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.

6.1CVSS

5.9AI Score

0.002EPSS

2021-09-08 03:15 PM

196

cve

CVE-2021-30691

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

5.5CVSS

5.5AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30692

5.5CVSS

5.5AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30693

A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to arbitrary code execution.

7.8CVSS

8AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30694

5.5CVSS

5.5AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30695

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

5.5CVSS

5.8AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30697

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local user may be able to leak sensitive user information.

5.5CVSS

5.4AI Score

0.0004EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30698

A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service.

7.5CVSS

6.9AI Score

0.005EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30699

A window management issue was addressed with improved state management. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be able to view restricted content from the lockscreen.

4.6CVSS

4.3AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30700

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to disclosure of user information.

5.5CVSS

5.4AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30701

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to arbitrary code execution.

7.8CVSS

7.7AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30703

A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privil...

7.8CVSS

7.9AI Score

0.0004EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30704

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges.

7.8CVSS

7.8AI Score

0.0004EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30705

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted ASTC file may disclose memory contents.

5.5CVSS

5.8AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30706

Processing a maliciously crafted image may lead to disclosure of user information. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. This issue was addressed with improved checks.

5.5CVSS

5.4AI Score

0.001EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30707

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted audio file may lead to arbitrary code execution.

8.8CVSS

8.1AI Score

0.005EPSS

2021-09-08 03:15 PM

cve

CVE-2021-30708

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or ar...

7.8CVSS

8AI Score

0.001EPSS

2021-09-08 03:15 PM

Total number of security vulnerabilities1154