ID

VAR-202108-1279


CVE

CVE-2021-30964


TITLE

Vulnerabilities related to improper assignment of permissions to critical resources in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2021-021136

DESCRIPTION

An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2. A malicious application may be able to bypass Privacy preferences. Several Apple products, including iPadOS, iOS and macOS, contain vulnerabilities related to improper assignment of permissions to important resources. Information may be obtained.

** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none.

APPLE-SA-2021-12-15-6 watchOS 8.3

watchOS 8.3 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212975.

Audio
Available for: Apple Watch Series 3 and later
Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab

CFNetwork Proxies
Available for: Apple Watch Series 3 and later
Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations
Description: A logic issue was addressed with improved state management.
CVE-2021-30966: Michal Rajcan of Jamf, Matt Vlasach of Jamf (Wandera)

ColorSync
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation.
CVE-2021-30926: Jeremy Brown
CVE-2021-30942: Mateusz Jurczyk of Google Project Zero

CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab

CoreAudio
Available for: Apple Watch Series 3 and later
Impact: Playing a malicious audio file may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab

Crash Reporter
Available for: Apple Watch Series 3 and later
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

ImageIO
Available for: Apple Watch Series 3 and later
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro

Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved memory handling.
CVE-2021-30916: Zweig of Kunlun Lab

Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption vulnerability was addressed with improved locking.
CVE-2021-30937: Sergei Glazunov of Google Project Zero

Kernel
Available for: Apple Watch Series 3 and later
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A use after free issue was addressed with improved memory management.
CVE-2021-30927: Xinru Chi of Pangu Lab
CVE-2021-30980: Xinru Chi of Pangu Lab

Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30949: Ian Beer of Google Project Zero

Kernel
Available for: Apple Watch Series 3 and later
Impact: An attacker in a privileged network position may be able to execute arbitrary code
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero

Kernel
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A race condition was addressed with improved state handling.
CVE-2021-30955: Zweig of Kunlun Lab

Preferences
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to elevate privileges
Description: A race condition was addressed with improved state handling.
CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)

Sandbox
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to bypass certain Privacy preferences
Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions.
CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security

Sandbox
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to bypass certain Privacy preferences
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30946: @gorelics

Sandbox
Available for: Apple Watch Series 3 and later
Impact: An application may be able to access a user's files
Description: An access issue was addressed with additional sandbox restrictions.
CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security

TCC
Available for: Apple Watch Series 3 and later
Impact: A local user may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2021-30767: @gorelics

TCC
Available for: Apple Watch Series 3 and later
Impact: A malicious application may be able to bypass Privacy preferences
Description: An inherited permissions issue was addressed with additional restrictions.
CVE-2021-30964: Andy Grant of Zoom Video Communications

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A buffer overflow issue was addressed with improved memory handling.
CVE-2021-30934: Dani Biro

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue was addressed with improved memory management.
CVE-2021-30936: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab
CVE-2021-30951: Pangu

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An integer overflow was addressed with improved input validation.
CVE-2021-30952: WeBin

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A race condition was addressed with improved state handling.
CVE-2021-30984: Kunlun Lab

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30953: VRIJ

WebKit
Available for: Apple Watch Series 3 and later
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved memory handling.
CVE-2021-30954: Kunlun Lab

Additional recognition

Bluetooth
We would like to acknowledge Haram Park, Korea University for their assistance.

ColorSync
We would like to acknowledge Mateusz Jurczyk of Google Project Zero for their assistance.

Contacts
We would like to acknowledge Minchan Park (03stin) for their assistance.

Kernel
We would like to acknowledge Amit Klein of Bar-Ilan University's Center for Research in Applied Cryptography and Cyber Security for their assistance.

WebKit
We would like to acknowledge Peter Snyder of Brave and Soroush Karami for their assistance.

Installation note:

Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641

To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About".

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

Trust: 1.89

sources: NVD: CVE-2021-30964 // JVNDB: JVNDB-2021-021136 // VULHUB: VHN-390697 // VULMON: CVE-2021-30964 // PACKETSTORM: 165359

AFFECTED PRODUCTS

vendor: apple, model: macos, scope: lt, version: 12.1

Trust: 1.0

vendor: apple, model: ipados, scope: lt, version: 15.2

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 15.2

Trust: 1.0

vendor: apple, model: watchos, scope: lt, version: 8.3

Trust: 1.0

vendor: アップル, model: watchos, scope: eq, version: 8.3

Trust: 0.8

vendor: アップル, model: macos, scope: -, version: -

Trust: 0.8

vendor: アップル, model: ipados, scope: -, version: -

Trust: 0.8

vendor: アップル, model: ios, scope: -, version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-021136 // NVD: CVE-2021-30964

CVSS

SEVERITY

nvd@nist.gov: CVE-2021-30964
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-30964
value: MEDIUM

Trust: 0.8

CNNVD: CNNVD-202108-2066
value: MEDIUM

Trust: 0.6

VULHUB: VHN-390697
value: MEDIUM

Trust: 0.1

CVSSV2

nvd@nist.gov: CVE-2021-30964
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-390697
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:P/I:N/A:N
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

CVSSV3

nvd@nist.gov: CVE-2021-30964
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-30964
baseSeverity: MEDIUM
baseScore: 5.5
vectorString: CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-390697 // JVNDB: JVNDB-2021-021136 // CNNVD: CNNVD-202108-2066 // NVD: CVE-2021-30964

PROBLEMTYPE DATA

problemtype: CWE-732

Trust: 1.1

problemtype: Improper permission assignment for critical resources (CWE-732) [NVD evaluation]

Trust: 0.8

sources: VULHUB: VHN-390697 // JVNDB: JVNDB-2021-021136 // NVD: CVE-2021-30964

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202108-2066

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-2066

PATCH

title: HT212976 Apple Security update, url: https://support.apple.com/en-us/HT212975

Trust: 0.8

title: Apple iOS and iPadOS Security vulnerabilities, url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=176530

Trust: 0.6

sources: JVNDB: JVNDB-2021-021136 // CNNVD: CNNVD-202108-2066

EXTERNAL IDS

db: NVD, id: CVE-2021-30964

Trust: 3.5

db: PACKETSTORM, id: 165359

Trust: 0.8

db: JVNDB, id: JVNDB-2021-021136

Trust: 0.8

db: AUSCERT, id: ESB-2021.4260

Trust: 0.6

db: CS-HELP, id: SB2021121434

Trust: 0.6

db: CNNVD, id: CNNVD-202108-2066

Trust: 0.6

db: VULHUB, id: VHN-390697

Trust: 0.1

db: VULMON, id: CVE-2021-30964

Trust: 0.1

sources: VULHUB: VHN-390697 // VULMON: CVE-2021-30964 // JVNDB: JVNDB-2021-021136 // PACKETSTORM: 165359 // CNNVD: CNNVD-202108-2066 // NVD: CVE-2021-30964

REFERENCES

url:https://support.apple.com/en-us/ht212976

Trust: 2.3

url:https://support.apple.com/en-us/ht212975

Trust: 1.7

url:https://support.apple.com/en-us/ht212978

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30964

Trust: 0.9

url:https://www.auscert.org.au/bulletins/esb-2021.4260

Trust: 0.6

url:https://packetstormsecurity.com/files/165359/apple-security-advisory-2021-12-15-6.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37064

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021121434

Trust: 0.6

url:https://nvd.nist.gov

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30966

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30936

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30926

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30984

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30957

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30953

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30958

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30960

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30916

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30952

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30927

Trust: 0.1

url:https://support.apple.com/kb/ht204641

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30945

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30939

Trust: 0.1

url:https://www.apple.com/support/security/pgp/

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30955

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30951

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30937

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30954

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30934

Trust: 0.1

url:https://support.apple.com/kb/ht201222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30968

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30980

Trust: 0.1

url:https://support.apple.com/ht212975

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30946

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30949

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30767

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30947

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30942

Trust: 0.1

sources: VULHUB: VHN-390697 // VULMON: CVE-2021-30964 // JVNDB: JVNDB-2021-021136 // PACKETSTORM: 165359 // CNNVD: CNNVD-202108-2066 // NVD: CVE-2021-30964

CREDITS

Apple

Trust: 0.1

sources: PACKETSTORM: 165359

SOURCES

db: VULHUB, id: VHN-390697
db: VULMON, id: CVE-2021-30964
db: JVNDB, id: JVNDB-2021-021136
db: PACKETSTORM, id: 165359
db: CNNVD, id: CNNVD-202108-2066
db: NVD, id: CVE-2021-30964

LAST UPDATE DATE

2024-08-14T12:08:10.814000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-390697, date: 2021-12-29T00:00:00
db: VULMON, id: CVE-2021-30964, date: 2021-08-24T00:00:00
db: JVNDB, id: JVNDB-2021-021136, date: 2024-07-18T01:44:00
db: CNNVD, id: CNNVD-202108-2066, date: 2021-12-30T00:00:00
db: NVD, id: CVE-2021-30964, date: 2023-11-07T03:34:05.330

SOURCES RELEASE DATE

db: VULHUB, id: VHN-390697, date: 2021-08-24T00:00:00
db: VULMON, id: CVE-2021-30964, date: 2021-08-24T00:00:00
db: JVNDB, id: JVNDB-2021-021136, date: 2024-07-18T00:00:00
db: PACKETSTORM, id: 165359, date: 2021-12-17T19:20:06
db: CNNVD, id: CNNVD-202108-2066, date: 2021-08-24T00:00:00
db: NVD, id: CVE-2021-30964, date: 2021-08-24T19:15:22.390