Details of VAR-202108-2122

ID

VAR-202108-2122

CVE

CVE-2021-30852

TITLE

Mistype vulnerability in multiple Apple products

Trust: 0.8

sources: JVNDB: JVNDB-2021-021201

DESCRIPTION

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution. iPadOS , iOS , macOS Multiple Apple products have a type mixup vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8 watchOS 8 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212819. Accessory Manager Available for: Apple Watch Series 3 and later Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory consumption issue was addressed with improved memory handling. CVE-2021-30837: an anonymous researcher AppleMobileFileIntegrity Available for: Apple Watch Series 3 and later Impact: A local attacker may be able to read sensitive information Description: This issue was addressed with improved checks. CVE-2021-30811: an anonymous researcher working with Compartir bootp Available for: Apple Watch Series 3 and later Impact: A device may be passively tracked by its WiFi MAC address Description: A user privacy issue was addressed by removing the broadcast MAC address. CVE-2021-30866: Fabien Duchêne of UCLouvain (Belgium) Entry added October 25, 2021 CoreAudio Available for: Apple Watch Series 3 and later Impact: Processing a malicious audio file may result in unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab Entry added October 25, 2021 FaceTime Available for: Apple Watch Series 3 and later Impact: An application with microphone permission may unexpectedly access microphone input during a FaceTime call Description: A logic issue was addressed with improved validation. CVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime Entry added October 25, 2021 FontParser Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab Entry added October 25, 2021 FontParser Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab Entry added October 25, 2021 FontParser Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab Foundation Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A type confusion issue was addressed with improved memory handling. CVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab Entry added October 25, 2021 ImageIO Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved input validation. CVE-2021-30835: Ye Zhang of Baidu Security CVE-2021-30847: Mike Zhang of Pangu Lab Kernel Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30857: Zweig of Kunlun Lab libexpat Available for: Apple Watch Series 3 and later Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed by updating expat to version 2.4.1. CVE-2013-0340: an anonymous researcher Preferences Available for: Apple Watch Series 3 and later Impact: An application may be able to access restricted files Description: A validation issue existed in the handling of symlinks. CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Preferences Available for: Apple Watch Series 3 and later Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved state management. CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Sandbox Available for: Apple Watch Series 3 and later Impact: A malicious application may be able to modify protected parts of the file system Description: This issue was addressed with improved checks. CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security Entry added October 25, 2021 WebKit Available for: Apple Watch Series 3 and later Impact: Visiting a maliciously crafted website may reveal a user's browsing history Description: The issue was resolved with additional restrictions on CSS compositing. CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research Entry added October 25, 2021 WebKit Available for: Apple Watch Series 3 and later Impact: An attacker in a privileged network position may be able to bypass HSTS Description: A logic issue was addressed with improved restrictions. CVE-2021-30823: David Gullasch of Recurity Labs Entry added October 25, 2021 WebKit Available for: Apple Watch Series 3 and later Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs Entry added October 25, 2021 WebKit Available for: Apple Watch Series 3 and later Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-30851: Samuel Groß of Google Project Zero Wi-Fi Available for: Apple Watch Series 3 and later Impact: An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup Description: An authorization issue was addressed with improved state management. CVE-2021-30810: an anonymous researcher Additional recognition Sandbox We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. UIKit We would like to acknowledge an anonymous researcher for their assistance. Installation note: Instructions on how to update your Apple Watch software are available at https://support.apple.com/kb/HT204641 To check the version on your Apple Watch, open the Apple Watch app on your iPhone and select "My Watch > General > About". Alternatively, on your watch, select "My Watch > General > About". Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4h0EACgkQeC9qKD1p rhjcPxAA0x7qg2GycQ0GJb8VqWSNGGbhKVkwocTvEtOKZmebfdCXWnJ6vycp731f Zz5AtfK1S/SIaQbLLTsZUwuVN9AweRvymsuK3EYCPBupi0hA7G0CQudQ9jFfa70+ cfqW2CLrkZB9FiD0Y6hLRaUR/WczdCeFnD87I4XziqM8JVfPi1YMZ3QndLFR+qoR DOH5cVZQg/EYNuynyIUtLpsbtLCzGiYdkuDb1xozgklY8SYLhOsGP4tbU7ACpbRs 7DEU1laGGByyGz8T3/Z9n7x1589lxDk7VSUPflnv0Fq6FYiahAvKOZQDsAjhs1sI YA4QvtjsEjRq/p/rnElrMYd91e/QuOtixFcYY360YP/FPhHGfBHS7dEko5q/6JwG mGrjm/rHMVfsqSzoLZShdDQrRKz76mW0F2bWWggQqka4GxHtDNGPpYYQJLndQqvu W0RxoYFNBFex39na/nqkVjJNAO1GRFoZy1B0PpjgKbwV3Wn4pGgHcj5ToC15oGUJ 078BFgQW4ucEj59d9hWg0di4JEgFFgph5KwO66BY0LUrHdHVpC5GGccxt1aDXC0j i2uJIlofj/mU1PUBZ0vZ1JP2tDGgEmcKzgStCtYS4ZqK01wA6kKWfF0jpsbFGnXe 57sksI5rtKpbiIiZ4/GRhIQTUNRgIOPoy9rUZnbAtWuUKXWZIrw= =mdve -----END PGP SIGNATURE-----

Trust: 1.98

sources: NVD: CVE-2021-30852 // JVNDB: JVNDB-2021-021201 // VULHUB: VHN-390585 // VULMON: CVE-2021-30852 // PACKETSTORM: 164693 // PACKETSTORM: 164692

AFFECTED PRODUCTS

vendor:	apple	model:	ipados	scope:	lt	version:	14.8	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	15.0	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	14.8	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	8.0	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	12.0.1	Trust: 1.0
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	watchos	scope:	eq	version:	8.0	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-021201 // NVD: CVE-2021-30852

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-30852
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-30852
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202108-1950
value:	HIGH
Trust: 0.6
VULHUB:	VHN-390585
value:	MEDIUM
Trust: 0.1

nvd@nist.gov:	CVE-2021-30852
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-390585
severity:	MEDIUM
baseScore:	6.8
vectorString:	AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	MEDIUM
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	8.6
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-30852
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	2.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-30852
baseSeverity:	HIGH
baseScore:	8.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	REQUIRED
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-390585 // JVNDB: JVNDB-2021-021201 // CNNVD: CNNVD-202108-1950 // NVD: CVE-2021-30852

PROBLEMTYPE DATA

problemtype:	CWE-843	Trust: 1.1
problemtype:	Mistake of type (CWE-843) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-390585 // JVNDB: JVNDB-2021-021201 // NVD: CVE-2021-30852

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202108-1950

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202108-1950

PATCH

title:	HT212815 Apple Security update	url:	https://support.apple.com/en-us/HT212807	Trust: 0.8
title:	Apple tvOS Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168170	Trust: 0.6

sources: JVNDB: JVNDB-2021-021201 // CNNVD: CNNVD-202108-1950

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30852	Trust: 3.6
db:	PACKETSTORM	id:	164692	Trust: 0.8
db:	JVNDB	id:	JVNDB-2021-021201	Trust: 0.8
db:	AUSCERT	id:	ESB-2021.3578	Trust: 0.6
db:	CNNVD	id:	CNNVD-202108-1950	Trust: 0.6
db:	PACKETSTORM	id:	164693	Trust: 0.2
db:	VULHUB	id:	VHN-390585	Trust: 0.1
db:	VULMON	id:	CVE-2021-30852	Trust: 0.1

sources: VULHUB: VHN-390585 // VULMON: CVE-2021-30852 // JVNDB: JVNDB-2021-021201 // PACKETSTORM: 164693 // PACKETSTORM: 164692 // CNNVD: CNNVD-202108-1950 // NVD: CVE-2021-30852

REFERENCES

url:	https://support.apple.com/kb/ht212869	Trust: 2.5
url:	https://support.apple.com/kb/ht212953	Trust: 2.5
url:	https://support.apple.com/en-us/ht212815	Trust: 2.3
url:	https://support.apple.com/en-us/ht212807	Trust: 1.7
url:	https://support.apple.com/en-us/ht212814	Trust: 1.7
url:	https://support.apple.com/en-us/ht212819	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30852	Trust: 1.0
url:	https://www.auscert.org.au/bulletins/esb-2021.3578	Trust: 0.6
url:	https://packetstormsecurity.com/files/164692/apple-security-advisory-2021-10-26-10.html	Trust: 0.6
url:	https://support.apple.com/en-us/ht212953	Trust: 0.6
url:	https://support.apple.com/kb/ht201222	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30849	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30854	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30851	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30846	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2013-0340	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30808	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30841	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30834	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30843	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30818	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30809	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30831	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30837	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30810	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30857	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30847	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30823	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30866	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30814	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30840	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30836	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30842	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30835	Trust: 0.2
url:	https://nvd.nist.gov	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30884	Trust: 0.1
url:	https://support.apple.com/ht212815.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30850	Trust: 0.1
url:	https://support.apple.com/kb/ht204641	Trust: 0.1
url:	https://support.apple.com/ht212819.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30855	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30811	Trust: 0.1

CREDITS

Apple

Trust: 0.2

sources: PACKETSTORM: 164693 // PACKETSTORM: 164692

SOURCES

db:	VULHUB	id:	VHN-390585
db:	VULMON	id:	CVE-2021-30852
db:	JVNDB	id:	JVNDB-2021-021201
db:	PACKETSTORM	id:	164693
db:	PACKETSTORM	id:	164692
db:	CNNVD	id:	CNNVD-202108-1950
db:	NVD	id:	CVE-2021-30852

LAST UPDATE DATE

2024-08-14T12:23:44.796000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-390585	date:	2023-01-09T00:00:00
db:	VULMON	id:	CVE-2021-30852	date:	2021-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-021201	date:	2024-07-18T06:00:00
db:	CNNVD	id:	CNNVD-202108-1950	date:	2021-11-23T00:00:00
db:	NVD	id:	CVE-2021-30852	date:	2023-11-07T03:33:31.840

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-390585	date:	2021-08-24T00:00:00
db:	VULMON	id:	CVE-2021-30852	date:	2021-08-24T00:00:00
db:	JVNDB	id:	JVNDB-2021-021201	date:	2024-07-18T00:00:00
db:	PACKETSTORM	id:	164693	date:	2021-10-28T14:58:57
db:	PACKETSTORM	id:	164692	date:	2021-10-28T14:58:43
db:	CNNVD	id:	CNNVD-202108-1950	date:	2021-08-24T00:00:00
db:	NVD	id:	CVE-2021-30852	date:	2021-08-24T19:15:13.790