ID

VAR-202109-0817


CVE

CVE-2021-30796


TITLE

iOS  and  macOS  Vulnerability in

Trust: 0.8

sources: JVNDB: JVNDB-2021-013571

DESCRIPTION

A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing a maliciously crafted image may lead to a denial of service. iOS and macOS Exists in unspecified vulnerabilities.Service operation interruption (DoS) It may be in a state. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation.The specific flaw exists within the ModelIO framework. Crafted data in a USD file can trigger a write past the end of an allocated data structure. An attacker can leverage this vulnerability to execute code in the context of the current process. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Information about the security content is also available at https://support.apple.com/HT212600. AMD Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved input validation. CVE-2021-30805: ABC Research s.r.o AppKit Available for: macOS Catalina Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2021-30790: hjy79425575 working with Trend Micro Zero Day Initiative Audio Available for: macOS Catalina Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30781: tr3e Bluetooth Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30672: say2 of ENKI CoreAudio Available for: macOS Catalina Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: macOS Catalina Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A logic issue was addressed with improved validation. CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab CoreStorage Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: An injection issue was addressed with improved validation. CVE-2021-30777: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc CoreText Available for: macOS Catalina Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30789: Sunglin of Knownsec 404 team, Mickey Jin (@patch1t) of Trend Micro CoreText Available for: macOS Catalina Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30733: Sunglin from the Knownsec 404 CVMS Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video Communications dyld Available for: macOS Catalina Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved validation. CVE-2021-30768: Linus Henze (pinauten.de) FontParser Available for: macOS Catalina Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2021-30760: Sunglin of Knownsec 404 team FontParser Available for: macOS Catalina Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A stack overflow was addressed with improved input validation. CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day Initiative FontParser Available for: macOS Catalina Impact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative ImageIO Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30785: Mickey Jin (@patch1t) of Trend Micro, CFF of Topsec Alpha Team Intel Graphics Driver Available for: macOS Catalina Impact: An application may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2021-30787: Anonymous working with Trend Micro Zero Day Initiative Intel Graphics Driver Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-30765: Liu Long of Ant Security Light-Year Lab CVE-2021-30766: Liu Long of Ant Security Light-Year Lab IOUSBHostFamily Available for: macOS Catalina Impact: An unprivileged application may be able to capture USB devices Description: This issue was addressed with improved checks. CVE-2021-30731: UTM (@UTMapp) Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A double free issue was addressed with improved memory management. CVE-2021-30703: an anonymous researcher Kernel Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-30793: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong Lab LaunchServices Available for: macOS Catalina Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2021-30677: Ron Waisberg (@epsilan) LaunchServices Available for: macOS Catalina Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improved access restrictions. CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro Sandbox Available for: macOS Catalina Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved checks. CVE-2021-30782: Csaba Fitzl (@theevilbit) of Offensive Security WebKit Available for: macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30799: Sergei Glazunov of Google Project Zero Additional recognition configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. CoreServices We would like to acknowledge Zhongcheng Li (CK01) for their assistance. CoreText We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance. Crash Reporter We would like to acknowledge Yizhuo Wang of Group of Software Security In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University for their assistance. crontabs We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. IOKit We would like to acknowledge George Nosenko for their assistance. Spotlight We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Installation note: This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmD4r8cACgkQZcsbuWJ6 jjABdhAAirmXHOsGrxcCNUBGKp5vqFtTyyfgzZIqg5GE3uMS7+l08XUgh32opEHX qyAUtECbsBUZVTWYRDH1tFOIMU/BpVWZ1w4BOcg6cYTXSdDBqz57VUo71ivjsn4s MspZ+0so2nLhO2ZwnejQA1tFVH8s2DtScCzYiGjlu/bK61Nozu8E7LzHSksUn/Vp /68FMaYO8qmRkIZp68n6Avid+pfP8XAcBVuQtlttGX98JFN76u/uH9CuVk64r2Mp g2o5/Dw15OAOREOTwbcCxSoncHtUoEBSGykxJNRRnAC3zxPndHASA3uM7Ez5ubaa z9+LrMGXWnbWgOT9y1FSu6vtDDRgd37+syONU9Z2WlHs9nNpo+g2FzIl5/f6twgv 8npMDuCvwtg+I/lXEZBX/AobNq+/OXZDeRtEjeTBzy+gw4I74pkJajg3HwaxTLRV d+3hsWyQp1tRoeSMC/OErVLrpsV8FmXJyIEeZoaD2jliobz4/6km9CH6VimfPqGJ ZMQkX/m5yt3OqFXSh6i3ZWjXDRiqw2rVvLa2Ya8Me1PFmroRxj56AuelRM5+J9LG bBIsV87A+7J44q01OT0hy7JX/mg2wYcUKNglz7iNeeffbOTnDXlI+pP12gPKDkDW AT2oWHVljBg8aRBVSFB0wu5jctIWjQysbEQCnIDWiPWd4GVSOSs=agRk -----END PGP SIGNATURE-----

Trust: 3.15

sources: NVD: CVE-2021-30796 // JVNDB: JVNDB-2021-013571 // ZDI: ZDI-21-948 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390529 // VULMON: CVE-2021-30796 // PACKETSTORM: 163647 // PACKETSTORM: 163649

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:eqversion:10.15.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.3

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.3

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.5

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.1

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.4

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.0

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.2

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.1

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.7

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.5

Trust: 1.0

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:applemodel:macosscope: - version: -

Trust: 0.7

sources: ZDI: ZDI-21-948 // JVNDB: JVNDB-2021-013571 // NVD: CVE-2021-30796

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30796
value: MEDIUM

Trust: 1.0

NVD: CVE-2021-30796
value: MEDIUM

Trust: 0.8

ZDI: CVE-2021-30796
value: HIGH

Trust: 0.7

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202107-1650
value: MEDIUM

Trust: 0.6

VULHUB: VHN-390529
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30796
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-390529
severity: MEDIUM
baseScore: 4.3
vectorString: AV:N/AC:M/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: MEDIUM
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 8.6
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30796
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 2.8
impactScore: 3.6
version: 3.1

Trust: 1.0

NVD: CVE-2021-30796
baseSeverity: MEDIUM
baseScore: 6.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

ZDI: CVE-2021-30796
baseSeverity: HIGH
baseScore: 7.8
vectorString: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: REQUIRED
scope: UNCHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 1.8
impactScore: 5.9
version: 3.0

Trust: 0.7

sources: ZDI: ZDI-21-948 // VULHUB: VHN-390529 // JVNDB: JVNDB-2021-013571 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1650 // NVD: CVE-2021-30796

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-013571 // NVD: CVE-2021-30796

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-202107-1650

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:HT212602 Apple  Security updateurl:https://support.apple.com/en-us/HT212600

Trust: 0.8

title:Apple has issued an update to correct this vulnerability.url:https://support.apple.com/en-us/HT212602

Trust: 0.7

title:Apple macOS Big Sur Enter the fix for the verification error vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=158811

Trust: 0.6

sources: ZDI: ZDI-21-948 // JVNDB: JVNDB-2021-013571 // CNNVD: CNNVD-202107-1650

EXTERNAL IDS

db:NVDid:CVE-2021-30796

Trust: 4.3

db:ZDIid:ZDI-21-948

Trust: 1.3

db:JVNDBid:JVNDB-2021-013571

Trust: 0.8

db:ZDI_CANid:ZDI-CAN-14011

Trust: 0.7

db:PACKETSTORMid:163647

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021072231

Trust: 0.6

db:CS-HELPid:SB2021072219

Trust: 0.6

db:AUSCERTid:ESB-2021.2485.2

Trust: 0.6

db:CNNVDid:CNNVD-202107-1650

Trust: 0.6

db:VULHUBid:VHN-390529

Trust: 0.1

db:VULMONid:CVE-2021-30796

Trust: 0.1

db:PACKETSTORMid:163649

Trust: 0.1

sources: ZDI: ZDI-21-948 // VULHUB: VHN-390529 // VULMON: CVE-2021-30796 // JVNDB: JVNDB-2021-013571 // PACKETSTORM: 163647 // PACKETSTORM: 163649 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1650 // NVD: CVE-2021-30796

REFERENCES

url:https://support.apple.com/en-us/ht212602

Trust: 3.0

url:https://support.apple.com/en-us/ht212600

Trust: 1.7

url:https://support.apple.com/en-us/ht212601

Trust: 1.7

url:https://support.apple.com/en-us/ht212603

Trust: 1.7

url:https://nvd.nist.gov/vuln/detail/cve-2021-30796

Trust: 1.0

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://packetstormsecurity.com/files/163647/apple-security-advisory-2021-07-21-3.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072219

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-35970

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2485.2

Trust: 0.6

url:https://www.zerodayinitiative.com/advisories/zdi-21-948/

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072231

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-30799

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30781

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30777

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30793

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30733

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30790

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30788

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30787

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30766

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30765

Trust: 0.2

url:https://support.apple.com/downloads/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30672

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30805

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30780

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30759

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30703

Trust: 0.2

url:https://www.apple.com/support/security/pgp/

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30782

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30760

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30677

Trust: 0.2

url:https://support.apple.com/kb/ht201222

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30783

Trust: 0.2

url:http://seclists.org/fulldisclosure/2021/jul/56

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30768

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30776

Trust: 0.1

url:https://support.apple.com/ht212600.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30789

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30731

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30785

Trust: 0.1

url:https://support.apple.com/ht212603.

Trust: 0.1

sources: ZDI: ZDI-21-948 // VULHUB: VHN-390529 // VULMON: CVE-2021-30796 // JVNDB: JVNDB-2021-013571 // PACKETSTORM: 163647 // PACKETSTORM: 163649 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1650 // NVD: CVE-2021-30796

CREDITS

Mickey Jin (@patch1t) of Trend Micro

Trust: 1.3

sources: ZDI: ZDI-21-948 // CNNVD: CNNVD-202107-1650

SOURCES

db:ZDIid:ZDI-21-948
db:VULHUBid:VHN-390529
db:VULMONid:CVE-2021-30796
db:JVNDBid:JVNDB-2021-013571
db:PACKETSTORMid:163647
db:PACKETSTORMid:163649
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202107-1650
db:NVDid:CVE-2021-30796

LAST UPDATE DATE

2024-08-14T13:03:08.679000+00:00


SOURCES UPDATE DATE

db:ZDIid:ZDI-21-948date:2021-08-05T00:00:00
db:VULHUBid:VHN-390529date:2021-09-16T00:00:00
db:JVNDBid:JVNDB-2021-013571date:2022-09-16T03:25:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202107-1650date:2021-09-17T00:00:00
db:NVDid:CVE-2021-30796date:2021-09-16T14:47:03.117

SOURCES RELEASE DATE

db:ZDIid:ZDI-21-948date:2021-08-05T00:00:00
db:VULHUBid:VHN-390529date:2021-09-08T00:00:00
db:JVNDBid:JVNDB-2021-013571date:2022-09-16T00:00:00
db:PACKETSTORMid:163647date:2021-07-23T15:30:33
db:PACKETSTORMid:163649date:2021-07-23T15:31:52
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202107-1650date:2021-07-21T00:00:00
db:NVDid:CVE-2021-30796date:2021-09-08T14:15:11.660