ID

VAR-202104-0608


CVE

CVE-2021-1772


TITLE

Apple macOS CoreText TTF Parsing Out-of-Bounds Write Remote Code Execution

Trust: 0.7

sources: ZDI: ZDI-21-149

DESCRIPTION

A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution.

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the CoreText library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the parsing of TTF fonts. Crafted data in a TTF file can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. A crafted TTF font can trigger an overflow of a fixed-length stack-based buffer.

Both Apple iOS and Apple iPadOS are products of Apple (Apple). Apple iOS is an operating system developed for mobile devices. Apple iPadOS is an operating system for iPad tablets. Apple iOS 14.4 and iPadOS 14.4 security vulnerability, the vulnerability exists due to a boundary Apple macOS bug in the CoreText component in macOS. Apple macOS is vulnerable to a stack-based buffer overflow, caused by improper bounds checking by the CoreText component.

APPLE-SA-2021-02-01-2 Additional information for APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4

iOS 14.4 and iPadOS 14.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212146.

Analytics
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1761: Cees Elzinga
Entry added February 1, 2021

APFS
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A local user may be able to read arbitrary files
Description: The issue was addressed with improved permissions logic.
CVE-2021-1797: Thomas Tempelmann
Entry added February 1, 2021

Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-1794: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021

Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-1795: Jianjun Dai of 360 Alpha Lab
CVE-2021-1796: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021

Bluetooth
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker in a privileged position may be able to perform a denial of service attack
Description: A memory initialization issue was addressed with improved memory handling.
CVE-2021-1780: Jianjun Dai of 360 Alpha Lab
Entry added February 1, 2021

CoreAnimation
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application could execute arbitrary code leading to compromise of user information
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-1760: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021

CoreAudio
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab
Entry added February 1, 2021

CoreGraphics
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: An out-of-bounds write issue was addressed with improved bounds checking.
CVE-2021-1776: Ivan Fratric of Google Project Zero
Entry added February 1, 2021

CoreMedia
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT
Entry added February 1, 2021

CoreText
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted text file may lead to arbitrary code execution
Description: A stack overflow was addressed with improved input validation.
CVE-2021-1772: Mickey Jin of Trend Micro
Entry added February 1, 2021

CoreText
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021

Crash Reporter
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A local user may be able to create or modify system files
Description: A logic issue was addressed with improved state management.
CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added February 1, 2021

Crash Reporter
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1787: James Hutchins
Entry added February 1, 2021

FairPlay
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to disclose kernel memory
Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory.
CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro
Entry added February 1, 2021

FontParser
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1758: Peter Nguyen of STAR Labs
Entry added February 1, 2021

ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: A logic issue was addressed with improved state management.
CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021

ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: This issue was addressed with improved checks.
CVE-2021-1766: Danny Rosseau of Carve Systems
Entry added February 1, 2021

ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021

ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021

ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution
Description: A logic issue was addressed with improved state management.
CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab
Entry added February 1, 2021

ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Qi Sun of Trend Micro
CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021

ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021

ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to a denial of service
Description: An out-of-bounds read issue existed in the curl.
CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021

ImageIO
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An access issue was addressed with improved memory management.
CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab
Entry added February 1, 2021

IOSkywalkFamily
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba Security
Entry added February 1, 2021

iTunes Store
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted URL may lead to arbitrary javascript code execution
Description: A validation issue was addressed with improved input sanitization.
CVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021

Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: A use after free issue was addressed with improved memory management.
CVE-2021-1764: Maxime Villard (@m00nbsd)
Entry added February 1, 2021

Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: Multiple issues were addressed with improved logic.
CVE-2021-1750: @0xalsr
Entry added February 1, 2021

Kernel
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
CVE-2021-1782: an anonymous researcher

Messages
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user information
Description: A privacy issue existed in the handling of Contact cards.
CVE-2021-1781: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added February 1, 2021

Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: A buffer overflow was addressed with improved bounds checking.
CVE-2021-1763: Mickey Jin of Trend Micro
Entry added February 1, 2021

Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021

Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021

Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds write was addressed with improved input validation.
CVE-2021-1762: Mickey Jin of Trend Micro
Entry added February 1, 2021

Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to heap corruption
Description: This issue was addressed with improved checks.
CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro
Entry added February 1, 2021

Model I/O
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-1753: Mickey Jin of Trend Micro
Entry added February 1, 2021

Phone Keypad
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker with physical access to a device may be able to see private contact information
Description: A lock screen issue allowed access to contacts on a locked device.
CVE-2021-1756: Ryan Pickren (ryanpickren.com)
Entry added February 1, 2021

Swift
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication
Description: A logic issue was addressed with improved validation.
CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs
Entry added February 1, 2021

WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2021-1788: Francisco Alonso (@revskills)
Entry added February 1, 2021

WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved state handling.
CVE-2021-1789: @S0rryMybad of 360 Vulcan Team
Entry added February 1, 2021

WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Maliciously crafted web content may violate iframe sandboxing policy
Description: This issue was addressed with improved iframe sandbox enforcement.
CVE-2021-1801: Eliya Stein of Confiant
Entry added February 1, 2021

WebKit
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVE-2021-1871: an anonymous researcher
CVE-2021-1870: an anonymous researcher

WebRTC
Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious website may be able to access restricted ports on arbitrary servers
Description: A port redirection issue was addressed with additional port validation.
CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar
Entry added February 1, 2021

Additional recognition

iTunes Store
We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance.
Entry added February 1, 2021

Kernel
We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of Trend Micro for their assistance.
Entry added February 1, 2021

libpthread
We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance.
Entry added February 1, 2021

Mail
We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) and an anonymous researcher for their assistance.
Entry added February 1, 2021

Store Demo
We would like to acknowledge @08Tc3wBB for their assistance.
Entry added February 1, 2021

WebRTC
We would like to acknowledge Philipp Hancke for their assistance.
Entry added February 1, 2021

Wi-Fi
We would like to acknowledge an anonymous researcher for their assistance.
Entry added February 1, 2021

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 2.61

sources: NVD: CVE-2021-1772 // ZDI: ZDI-21-149 // ZDI: ZDI-21-758 // VULHUB: VHN-376432 // VULMON: CVE-2021-1772 // PACKETSTORM: 161248 // PACKETSTORM: 161246 // PACKETSTORM: 161247

AFFECTED PRODUCTS

vendor: apple, model: macos, scope: -, version: -

Trust: 1.4

vendor: apple, model: ipados, scope: lt, version: 14.4

Trust: 1.0

vendor: apple, model: tvos, scope: lt, version: 14.4

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.14.6

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.14.6

Trust: 1.0

vendor: apple, model: mac os x, scope: gte, version: 10.14

Trust: 1.0

vendor: apple, model: mac os x, scope: gte, version: 10.15

Trust: 1.0

vendor: apple, model: watchos, scope: lt, version: 7.3

Trust: 1.0

vendor: apple, model: macos, scope: lt, version: 11.2

Trust: 1.0

vendor: apple, model: mac os x, scope: eq, version: 10.15.7

Trust: 1.0

vendor: apple, model: macos, scope: gte, version: 11.0

Trust: 1.0

vendor: apple, model: mac os x, scope: lt, version: 10.15.7

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 14.4

Trust: 1.0

sources: ZDI: ZDI-21-149 // ZDI: ZDI-21-758 // NVD: CVE-2021-1772

CVSS

SEVERITY

CVSSV2

CVSSV3

ZDI: CVE-2021-1772
value: HIGH

Trust: 1.4

nvd@nist.gov: CVE-2021-1772
value: HIGH

Trust: 1.0

CNNVD: CNNVD-202102-092
value: HIGH

Trust: 0.6

VULHUB: VHN-376432
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1772
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-376432
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

ZDI: CVE-2021-1772
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 1.4

nvd@nist.gov: CVE-2021-1772
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

sources: ZDI: ZDI-21-149 // ZDI: ZDI-21-758 // VULHUB: VHN-376432 // CNNVD: CNNVD-202102-092 // NVD: CVE-2021-1772

PROBLEMTYPE DATA

problemtype:CWE-787

Trust: 1.1

sources: VULHUB: VHN-376432 // NVD: CVE-2021-1772

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-092

TYPE

buffer error

Trust: 0.6

sources: CNNVD: CNNVD-202102-092

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-376432

PATCH

title: Apple has issued an update to correct this vulnerability.
url: https://support.apple.com/en-us/HT212147

Trust: 0.7

title: Apple has issued an update to correct this vulnerability.
url: https://support.apple.com/HT212147

Trust: 0.7

title: Apple iOS 14.4 and iPadOS 14.4 Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140304

Trust: 0.6

sources: ZDI: ZDI-21-149 // ZDI: ZDI-21-758 // CNNVD: CNNVD-202102-092

EXTERNAL IDS

db: NVD, id: CVE-2021-1772

Trust: 3.5

db: ZDI, id: ZDI-21-758

Trust: 2.4

db: PACKETSTORM, id: 161246

Trust: 0.8

db: ZDI_CAN, id: ZDI-CAN-12825

Trust: 0.7

db: ZDI, id: ZDI-21-149

Trust: 0.7

db: ZDI_CAN, id: ZDI-CAN-13172

Trust: 0.7

db: AUSCERT, id: ESB-2021.0354

Trust: 0.6

db: CNNVD, id: CNNVD-202102-092

Trust: 0.6

db: PACKETSTORM, id: 161248

Trust: 0.2

db: PACKETSTORM, id: 161247

Trust: 0.2

db: VULHUB, id: VHN-376432

Trust: 0.1

db: VULMON, id: CVE-2021-1772

Trust: 0.1

sources: ZDI: ZDI-21-149 // ZDI: ZDI-21-758 // VULHUB: VHN-376432 // VULMON: CVE-2021-1772 // PACKETSTORM: 161248 // PACKETSTORM: 161246 // PACKETSTORM: 161247 // CNNVD: CNNVD-202102-092 // NVD: CVE-2021-1772

REFERENCES

url:https://support.apple.com/en-us/ht212147

Trust: 2.4

url:https://www.zerodayinitiative.com/advisories/zdi-21-758/

Trust: 1.7

url:https://support.apple.com/en-us/ht212146

Trust: 1.7

url:https://support.apple.com/en-us/ht212148

Trust: 1.7

url:https://support.apple.com/en-us/ht212149

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-1772

Trust: 0.9

url:https://support.apple.com/ht212147

Trust: 0.7

url:https://packetstormsecurity.com/files/161246/apple-security-advisory-2021-02-01-2.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-34452

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0354/

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-1760

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1766

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1757

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1769

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1761

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1744

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1748

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1764

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1773

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1776

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1778

Trust: 0.3

url:https://www.apple.com/support/security/pgp/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1743

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1758

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1750

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1746

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1747

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1741

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1789

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1783

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1787

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1785

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1791

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1786

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1792

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1782

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1788

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1759

Trust: 0.2

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195911

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1793

Trust: 0.1

url:https://support.apple.com/ht212148.

Trust: 0.1

url:https://support.apple.com/ht212146.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1753

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1762

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1780

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1781

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1768

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1767

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1756

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1745

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1763

Trust: 0.1

url:https://support.apple.com/ht212149.

Trust: 0.1

sources: ZDI: ZDI-21-149 // ZDI: ZDI-21-758 // VULHUB: VHN-376432 // VULMON: CVE-2021-1772 // PACKETSTORM: 161248 // PACKETSTORM: 161246 // PACKETSTORM: 161247 // CNNVD: CNNVD-202102-092 // NVD: CVE-2021-1772

CREDITS

Mickey Jin (@patch1t) of Trend Micro

Trust: 1.3

sources: ZDI: ZDI-21-758 // CNNVD: CNNVD-202102-092

SOURCES

db: ZDI, id: ZDI-21-149
db: ZDI, id: ZDI-21-758
db: VULHUB, id: VHN-376432
db: VULMON, id: CVE-2021-1772
db: PACKETSTORM, id: 161248
db: PACKETSTORM, id: 161246
db: PACKETSTORM, id: 161247
db: CNNVD, id: CNNVD-202102-092
db: NVD, id: CVE-2021-1772

LAST UPDATE DATE

2024-08-14T12:55:35.186000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-21-149, date: 2021-02-04T00:00:00
db: ZDI, id: ZDI-21-758, date: 2021-06-25T00:00:00
db: VULHUB, id: VHN-376432, date: 2022-06-03T00:00:00
db: VULMON, id: CVE-2021-1772, date: 2021-04-09T00:00:00
db: CNNVD, id: CNNVD-202102-092, date: 2021-06-28T00:00:00
db: NVD, id: CVE-2021-1772, date: 2022-06-03T14:25:44.043

SOURCES RELEASE DATE

db: ZDI, id: ZDI-21-149, date: 2021-02-04T00:00:00
db: ZDI, id: ZDI-21-758, date: 2021-06-25T00:00:00
db: VULHUB, id: VHN-376432, date: 2021-04-02T00:00:00
db: VULMON, id: CVE-2021-1772, date: 2021-04-02T00:00:00
db: PACKETSTORM, id: 161248, date: 2021-02-02T16:09:50
db: PACKETSTORM, id: 161246, date: 2021-02-02T16:08:18
db: PACKETSTORM, id: 161247, date: 2021-02-02T16:08:52
db: CNNVD, id: CNNVD-202102-092, date: 2021-02-02T00:00:00
db: NVD, id: CVE-2021-1772, date: 2021-04-02T18:15:20.747