ID

VAR-202104-0627


CVE

CVE-2021-1746


TITLE

plural  Apple  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-012723

DESCRIPTION

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. plural Apple There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ImageIO framework. Crafted data in a PICT image can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. The following products and versions are affected: macOS: 10.15, 10.15 SU1, 10.15.1, 10.15.2, 10.15.3, 10.15.4, 10.15.4 SU1, 10.15.5, 10.15.5 SU1, 10.15.6, 10.15. 6 SU1, 10.15.7, 10.15.7 SU1, 11.0, 11.0.1, 11.1. By persuading a victim to open a specially crafted image file, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service. Information about the security content is also available at https://support.apple.com/HT212147. CVE-2021-1761: Cees Elzinga APFS Available for: macOS Big Sur 11.0.1 Impact: A local user may be able to read arbitrary files Description: The issue was addressed with improved permissions logic. CVE-2021-1797: Thomas Tempelmann CFNetwork Cache Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: An integer overflow was addressed with improved input validation. CVE-2020-27945: Zhuo Liang of Qihoo 360 Vulcan Team CoreAnimation Available for: macOS Big Sur 11.0.1 Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: A memory corruption issue was addressed with improved state management. CVE-2021-1760: @S0rryMybad of 360 Vulcan Team CoreAudio Available for: macOS Big Sur 11.0.1 Impact: Processing maliciously crafted web content may lead to code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab CoreGraphics Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT CoreText Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted text file may lead to arbitrary code execution Description: A stack overflow was addressed with improved input validation. CVE-2021-1772: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative CoreText Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative Crash Reporter Available for: macOS Catalina 10.15.7 Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2021-1761: Cees Elzinga Crash Reporter Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: A local attacker may be able to elevate their privileges Description: Multiple issues were addressed with improved logic. CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security Directory Utility Available for: macOS Catalina 10.15.7 Impact: A malicious application may be able to access private information Description: A logic issue was addressed with improved state management. CVE-2020-27937: Wojciech Reguła (@_r3ggi) of SecuRing Endpoint Security Available for: macOS Catalina 10.15.7 Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1802: Zhongcheng Li (@CK01) from WPS Security Response Center FairPlay Available for: macOS Big Sur 11.0.1 Impact: A malicious application may be able to disclose kernel memory Description: An out-of-bounds read issue existed that led to the disclosure of kernel memory. CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative FontParser Available for: macOS Catalina 10.15.7 Impact: Processing a maliciously crafted font may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1775: Mickey Jin and Qi Sun of Trend Micro FontParser Available for: macOS Mojave 10.14.6 Impact: A remote attacker may be able to leak memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2020-29608: Xingwei Lin of Ant Security Light-Year Lab FontParser Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7 Impact: A remote attacker may be able to cause arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1743: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative, Xingwei Lin of Ant Security Light- Year Lab ImageIO Available for: macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted image may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab ImageIO Available for: macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted image may lead to a denial of service Description: An out-of-bounds read issue existed in the curl. CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab ImageIO Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1766: Danny Rosseau of Carve Systems ImageIO Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7 Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-1742: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1746: Mickey Jin & Qi Sun of Trend Micro, Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1754: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1774: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1777: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab ImageIO Available for: macOS Big Sur 11.0.1 and macOS Catalina 10.15.7 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1737: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-1738: Lei Sun CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab IOKit Available for: macOS Big Sur 11.0.1 Impact: An application may be able to execute arbitrary code with system privileges Description: A logic error in kext loading was addressed with improved state handling. CVE-2021-1779: Csaba Fitzl (@theevilbit) of Offensive Security IOSkywalkFamily Available for: macOS Big Sur 11.0.1 Impact: A local attacker may be able to elevate their privileges Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1757: Pan ZhenPeng (@Peterpan0927) of Alibaba Security, Proteas Kernel Available for: macOS Catalina 10.15.7 and macOS Mojave 10.14.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue existed resulting in memory corruption. CVE-2020-27904: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab Kernel Available for: macOS Big Sur 11.0.1 Impact: A remote attacker may be able to cause a denial of service Description: A use after free issue was addressed with improved memory management. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1782: an anonymous researcher Kernel Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: An application may be able to execute arbitrary code with kernel privileges Description: Multiple issues were addressed with improved logic. CVE-2021-1750: @0xalsr Login Window Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: An attacker in a privileged network position may be able to bypass authentication policy Description: An authentication issue was addressed with improved state management. CVE-2020-29633: Jewel Lambert of Original Spin, LLC. CVE-2021-1771: Shreyas Ranganatha (@strawsnoceans) Model I/O Available for: macOS Big Sur 11.0.1 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1762: Mickey Jin of Trend Micro Model I/O Available for: macOS Catalina 10.15.7 Impact: Processing a maliciously crafted file may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2020-29614: ZhiWei Sun (@5n1p3r0010) from Topsec Alpha Lab Model I/O Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-1763: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative Model I/O Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted image may lead to heap corruption Description: This issue was addressed with improved checks. CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative Model I/O Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative Model I/O Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1753: Mickey Jin of Trend Micro working with Trend Micro’s Zero Day Initiative Model I/O Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro’s Zero Day Initiative NetFSFramework Available for: macOS Big Sur 11.0.1, macOS Catalina 10.15.7, and macOS Mojave 10.14.6 Impact: Mounting a maliciously crafted Samba network share may lead to arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-25709 Power Management Available for: macOS Mojave 10.14.6, macOS Catalina 10.15.7 Impact: A malicious application may be able to elevate privileges Description: A logic issue was addressed with improved state management. CVE-2020-27938: Tim Michaud (@TimGMichaud) of Leviathan Screen Sharing Available for: macOS Big Sur 11.0.1 Impact: Multiple issues in pcre Description: Multiple issues were addressed by updating to version 8.44. CVE-2019-20838 CVE-2020-14155 SQLite Available for: macOS Catalina 10.15.7 Impact: Multiple issues in SQLite Description: Multiple issues were addressed by updating SQLite to version 3.32.3. CVE-2020-15358 Swift Available for: macOS Big Sur 11.0.1 Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication Description: A logic issue was addressed with improved validation. CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs WebKit Available for: macOS Big Sur 11.0.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1788: Francisco Alonso (@revskills) WebKit Available for: macOS Big Sur 11.0.1 Impact: Maliciously crafted web content may violate iframe sandboxing policy Description: This issue was addressed with improved iframe sandbox enforcement. CVE-2021-1765: Eliya Stein of Confiant CVE-2021-1801: Eliya Stein of Confiant WebKit Available for: macOS Big Sur 11.0.1 Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved state handling. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-1871: an anonymous researcher CVE-2021-1870: an anonymous researcher WebRTC Available for: macOS Big Sur 11.0.1 Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A port redirection issue was addressed with additional port validation. CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy Kamkar Additional recognition Kernel We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of Trend Micro for their assistance. libpthread We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for their assistance. Login Window We would like to acknowledge Jose Moises Romero-Villanueva of CrySolve for their assistance. Mail Drafts We would like to acknowledge Jon Bottarini of HackerOne for their assistance. Screen Sharing Server We would like to acknowledge @gorelics for their assistance. WebRTC We would like to acknowledge Philipp Hancke for their assistance. This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAYgrkACgkQZcsbuWJ6 jjATvhAAmcspGY8ZHJcSUGr9mysz5iT9oGkZcvFa8kcJsFAvFb9Wjz0M2eovBXQc D9bD7LrUpodiqkSobB4bEevpD9P8E/T/eRSBxjomKLv5DKHPT4eh/K2EU6R6ubVi GGNlT9DJrIxcTJIB2y/yfs8msV2w2/gZDLKJZP4Zh6t8G1sjI17iEaxpOph67aq2 X0d+P7+7q1mUBa47JEQ+HIUNlfHtBL825cnmHD2Vn1WELQLKZfXBl+nPM9l9naRc 3vYIvR7xJ5c4bqFx7N9xwGdQ5TRIoDijqADwggGwOZEiVZ7PWifj/iCLUz4Ks4hr oGVE1UxN1oSX63D44ZQyfiyIWIiMtDV9V4J6mUoUnZ6RTTMoRRAF9DcSVF5/wmHk odYnMeouHc543ZyVBtdtwJ/tbuBvTOjzpNn0+UgiyRL9wG/xxQq+gB4vwgSEviek bBhyvdxLVWW0ULwFeN5rI5bCQBkv6BB9OSyhD6sMRrp59NAgBBS2nstZG1RAt7XL 2KZ1GpoNcuDRLj7ElxAfeJuPM1dFVTK48SH56M1FElz/QowZVOXyKgUoaeVTUyAC 3WOACmFAosFIclCbr8z8yGynX2bsCGBNKv4pKoHlyZCyFHCQw9L6uR2gRkOp86+M iqHtE2L1WUZvUMCIKxfdixILEfoacSVCxr3+v4SSDOcEbSDYEIA= =mUkG -----END PGP SIGNATURE----- . CVE-2021-1782: an anonymous researcher Messages Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may be able to leak sensitive user information Description: A privacy issue existed in the handling of Contact cards. CVE-2021-1753: Mickey Jin of Trend Micro Entry added February 1, 2021 Phone Keypad Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker with physical access to a device may be able to see private contact information Description: A lock screen issue allowed access to contacts on a locked device

Trust: 2.79

sources: NVD: CVE-2021-1746 // JVNDB: JVNDB-2021-012723 // ZDI: ZDI-21-146 // VULHUB: VHN-376406 // VULMON: CVE-2021-1746 // PACKETSTORM: 161248 // PACKETSTORM: 161245 // PACKETSTORM: 161246 // PACKETSTORM: 161247

AFFECTED PRODUCTS

vendor:applemodel:ipadosscope:ltversion:14.4

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:14.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.14.6

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.14

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:7.3

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:mac os xscope:ltversion:10.15.7

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.4

Trust: 1.0

vendor:アップルmodel:macos big surscope: - version: -

Trust: 0.8

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:watchosscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:applemodel:macosscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-146 // JVNDB: JVNDB-2021-012723 // NVD: CVE-2021-1746

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1746
value: HIGH

Trust: 1.0

NVD: CVE-2021-1746
value: HIGH

Trust: 0.8

ZDI: CVE-2021-1746
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202102-116
value: HIGH

Trust: 0.6

VULHUB: VHN-376406
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1746
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-376406
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1746
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

NVD: CVE-2021-1746
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2021-1746
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-146 // VULHUB: VHN-376406 // JVNDB: JVNDB-2021-012723 // CNNVD: CNNVD-202102-116 // NVD: CVE-2021-1746

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-012723 // NVD: CVE-2021-1746

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202102-116

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202102-116

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-376406

PATCH

title:HT212148 Apple  Security updateurl:https://support.apple.com/en-us/HT212146

Trust: 0.8

title:Apple has issued an update to correct this vulnerability.url:https://support.apple.com/en-us/HT212147

Trust: 0.7

title:Apple ImageIO Security vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=143279

Trust: 0.6

sources: ZDI: ZDI-21-146 // JVNDB: JVNDB-2021-012723 // CNNVD: CNNVD-202102-116

EXTERNAL IDS

db:NVDid:CVE-2021-1746

Trust: 4.5

db:PACKETSTORMid:161245

Trust: 0.8

db:JVNDBid:JVNDB-2021-012723

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-12328

Trust: 0.7

db:ZDIid:ZDI-21-146

Trust: 0.7

db:AUSCERTid:ESB-2021.0354

Trust: 0.6

db:CNNVDid:CNNVD-202102-116

Trust: 0.6

db:PACKETSTORMid:161248

Trust: 0.2

db:PACKETSTORMid:161246

Trust: 0.2

db:PACKETSTORMid:161247

Trust: 0.2

db:VULHUBid:VHN-376406

Trust: 0.1

db:VULMONid:CVE-2021-1746

Trust: 0.1

sources: ZDI: ZDI-21-146 // VULHUB: VHN-376406 // VULMON: CVE-2021-1746 // JVNDB: JVNDB-2021-012723 // PACKETSTORM: 161248 // PACKETSTORM: 161245 // PACKETSTORM: 161246 // PACKETSTORM: 161247 // CNNVD: CNNVD-202102-116 // NVD: CVE-2021-1746

REFERENCES

url:https://support.apple.com/en-us/ht212147

Trust: 2.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1746

Trust: 1.8

url:https://support.apple.com/en-us/ht212146

Trust: 1.7

url:https://support.apple.com/en-us/ht212148

Trust: 1.7

url:https://support.apple.com/en-us/ht212149

Trust: 1.7

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-34452

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.0354/

Trust: 0.6

url:https://packetstormsecurity.com/files/161245/apple-security-advisory-2021-02-01-1.html

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-1757

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1744

Trust: 0.4

url:https://www.apple.com/support/security/pgp/

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1743

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1758

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1750

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1747

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1741

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-1760

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1766

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1769

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1761

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1748

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1764

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1773

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1776

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1778

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1772

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-1789

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1783

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1787

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1785

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1791

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1786

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1792

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1782

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1788

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1753

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1745

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-1759

Trust: 0.2

url:https://exchange.xforce.ibmcloud.com/vulnerabilities/195932

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1793

Trust: 0.1

url:https://support.apple.com/ht212148.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1742

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-14155

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1751

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27945

Trust: 0.1

url:https://support.apple.com/ht212147.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29633

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1737

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1736

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1738

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1754

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27904

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-25709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-15358

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29608

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27938

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2019-20838

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-27937

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-29614

Trust: 0.1

url:https://support.apple.com/ht212146.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1762

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1780

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1781

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1768

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1767

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1756

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-1763

Trust: 0.1

url:https://support.apple.com/ht212149.

Trust: 0.1

sources: ZDI: ZDI-21-146 // VULHUB: VHN-376406 // VULMON: CVE-2021-1746 // JVNDB: JVNDB-2021-012723 // PACKETSTORM: 161248 // PACKETSTORM: 161245 // PACKETSTORM: 161246 // PACKETSTORM: 161247 // CNNVD: CNNVD-202102-116 // NVD: CVE-2021-1746

CREDITS

Apple

Trust: 1.0

sources: PACKETSTORM: 161248 // PACKETSTORM: 161245 // PACKETSTORM: 161246 // PACKETSTORM: 161247 // CNNVD: CNNVD-202102-116

SOURCES

db:ZDIid:ZDI-21-146
db:VULHUBid:VHN-376406
db:VULMONid:CVE-2021-1746
db:JVNDBid:JVNDB-2021-012723
db:PACKETSTORMid:161248
db:PACKETSTORMid:161245
db:PACKETSTORMid:161246
db:PACKETSTORMid:161247
db:CNNVDid:CNNVD-202102-116
db:NVDid:CVE-2021-1746

LAST UPDATE DATE

2024-08-14T12:30:49.894000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-146date:2021-02-04T00:00:00
db:VULHUBid:VHN-376406date:2021-04-08T00:00:00
db:VULMONid:CVE-2021-1746date:2021-04-08T00:00:00
db:JVNDBid:JVNDB-2021-012723date:2022-09-07T03:25:00
db:CNNVDid:CNNVD-202102-116date:2021-04-09T00:00:00
db:NVDid:CVE-2021-1746date:2021-04-08T21:25:27.643

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-146date:2021-02-04T00:00:00
db:VULHUBid:VHN-376406date:2021-04-02T00:00:00
db:VULMONid:CVE-2021-1746date:2021-04-02T00:00:00
db:JVNDBid:JVNDB-2021-012723date:2022-09-07T00:00:00
db:PACKETSTORMid:161248date:2021-02-02T16:09:50
db:PACKETSTORMid:161245date:2021-02-02T16:06:51
db:PACKETSTORMid:161246date:2021-02-02T16:08:18
db:PACKETSTORMid:161247date:2021-02-02T16:08:52
db:CNNVDid:CNNVD-202102-116date:2021-02-02T00:00:00
db:NVDid:CVE-2021-1746date:2021-04-02T18:15:19.483