ID

VAR-202109-0352


CVE

CVE-2021-1838


TITLE

Apple macOS ImageIO PICT File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability

Trust: 0.7

sources: ZDI: ZDI-21-617

DESCRIPTION

This issue was addressed with improved checks. This issue is fixed in iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to arbitrary code execution. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ImageIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ImageIO framework. Crafted data in a PICT image can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers.

Trust: 1.71

sources: NVD: CVE-2021-1838 // ZDI: ZDI-21-617 // VULHUB: VHN-376498 // VULMON: CVE-2021-1838

AFFECTED PRODUCTS

vendor: apple, model: ipados, scope: lt, version: 14.4

Trust: 1.0

vendor: apple, model: iphone os, scope: lt, version: 14.4

Trust: 1.0

vendor: apple, model: macos, scope: -, version: -

Trust: 0.7

sources: ZDI: ZDI-21-617 // NVD: CVE-2021-1838

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-1838
value: HIGH

Trust: 1.0

ZDI: CVE-2021-1838
value: LOW

Trust: 0.7

CNNVD: CNNVD-202106-134
value: HIGH

Trust: 0.6

VULHUB: VHN-376498
value: MEDIUM

Trust: 0.1

VULMON: CVE-2021-1838
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-1838
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.1

VULHUB: VHN-376498
severity: MEDIUM
baseScore: 6.8
vectorString: AV:N/AC:M/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-1838
baseSeverity: HIGH
baseScore: 7.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.1

Trust: 1.0

ZDI: CVE-2021-1838
baseSeverity: LOW
baseScore: 3.3
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: LOW
integrityImpact: NONE
availabilityImpact: NONE
exploitabilityScore: 1.8
impactScore: 1.4
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-617 // VULHUB: VHN-376498 // VULMON: CVE-2021-1838 // CNNVD: CNNVD-202106-134 // NVD: CVE-2021-1838

PROBLEMTYPE DATA

problemtype: NVD-CWE-noinfo

Trust: 1.0

sources: NVD: CVE-2021-1838

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202106-134

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202106-134

PATCH

title: Apple has issued an update to correct this vulnerability.
url: https://support.apple.com/HT212146

Trust: 0.7

title: Apple macOS Security vulnerabilities
url: http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=152625

Trust: 0.6

sources: ZDI: ZDI-21-617 // CNNVD: CNNVD-202106-134

EXTERNAL IDS

db: NVD, id: CVE-2021-1838

Trust: 2.5

db: ZDI, id: ZDI-21-617

Trust: 1.4

db: ZDI_CAN, id: ZDI-CAN-12626

Trust: 0.7

db: CNNVD, id: CNNVD-202106-134

Trust: 0.6

db: VULHUB, id: VHN-376498

Trust: 0.1

db: VULMON, id: CVE-2021-1838

Trust: 0.1

sources: ZDI: ZDI-21-617 // VULHUB: VHN-376498 // VULMON: CVE-2021-1838 // CNNVD: CNNVD-202106-134 // NVD: CVE-2021-1838

REFERENCES

url: https://support.apple.com/en-us/ht212146

Trust: 1.8

url: https://support.apple.com/ht212146

Trust: 0.7

url: https://www.zerodayinitiative.com/advisories/zdi-21-617/

Trust: 0.7

url: https://nvd.nist.gov/vuln/detail/cve-2021-1838

Trust: 0.6

url: https://cwe.mitre.org/data/definitions/.html

Trust: 0.1

url: https://nvd.nist.gov

Trust: 0.1

sources: ZDI: ZDI-21-617 // VULHUB: VHN-376498 // VULMON: CVE-2021-1838 // CNNVD: CNNVD-202106-134 // NVD: CVE-2021-1838

CREDITS

Mickey Jin & Junzhi Lu of Trend Micro Mobile Security Research Team

Trust: 0.7

sources: ZDI: ZDI-21-617

SOURCES

db: ZDI, id: ZDI-21-617
db: VULHUB, id: VHN-376498
db: VULMON, id: CVE-2021-1838
db: CNNVD, id: CNNVD-202106-134
db: NVD, id: CVE-2021-1838

LAST UPDATE DATE

2024-08-14T15:37:57.849000+00:00


SOURCES UPDATE DATE

db: ZDI, id: ZDI-21-617, date: 2021-06-02T00:00:00
db: VULHUB, id: VHN-376498, date: 2021-09-15T00:00:00
db: VULMON, id: CVE-2021-1838, date: 2021-09-15T00:00:00
db: CNNVD, id: CNNVD-202106-134, date: 2021-09-17T00:00:00
db: NVD, id: CVE-2021-1838, date: 2021-09-15T15:24:30.577

SOURCES RELEASE DATE

db: ZDI, id: ZDI-21-617, date: 2021-06-02T00:00:00
db: VULHUB, id: VHN-376498, date: 2021-09-08T00:00:00
db: VULMON, id: CVE-2021-1838, date: 2021-09-08T00:00:00
db: CNNVD, id: CNNVD-202106-134, date: 2021-06-02T00:00:00
db: NVD, id: CVE-2021-1838, date: 2021-09-08T15:15:10.753