Details of VAR-202109-1371

ID

VAR-202109-1371

CVE

CVE-2021-30703

TITLE

plural Apple Product double free vulnerability

Trust: 0.8

sources: JVNDB: JVNDB-2021-013526

DESCRIPTION

A double free issue was addressed with improved memory management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges. plural Apple The product contains a double free vulnerability.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Information about the security content is also available at https://support.apple.com/HT212600. CVE-2021-30805: ABC Research s.r.o AppKit Available for: macOS Catalina Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: An information disclosure issue was addressed by removing the vulnerable code. CVE-2021-30790: hjy79425575 working with Trend Micro Zero Day Initiative Audio Available for: macOS Catalina Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30781: tr3e Bluetooth Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30672: say2 of ENKI CoreAudio Available for: macOS Catalina Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab CoreAudio Available for: macOS Catalina Impact: Playing a malicious audio file may lead to an unexpected application termination Description: A logic issue was addressed with improved validation. CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab CoreStorage Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: An injection issue was addressed with improved validation. CVE-2021-30777: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc CoreText Available for: macOS Catalina Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30789: Sunglin of Knownsec 404 team, Mickey Jin (@patch1t) of Trend Micro CoreText Available for: macOS Catalina Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30733: Sunglin from the Knownsec 404 CVMS Available for: macOS Catalina Impact: A malicious application may be able to gain root privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video Communications dyld Available for: macOS Catalina Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: A logic issue was addressed with improved validation. CVE-2021-30768: Linus Henze (pinauten.de) FontParser Available for: macOS Catalina Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An integer overflow was addressed through improved input validation. CVE-2021-30760: Sunglin of Knownsec 404 team FontParser Available for: macOS Catalina Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A stack overflow was addressed with improved input validation. CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day Initiative FontParser Available for: macOS Catalina Impact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative ImageIO Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A buffer overflow was addressed with improved bounds checking. CVE-2021-30785: Mickey Jin (@patch1t) of Trend Micro, CFF of Topsec Alpha Team Intel Graphics Driver Available for: macOS Catalina Impact: An application may be able to cause unexpected system termination or write kernel memory Description: This issue was addressed with improved checks. CVE-2021-30787: Anonymous working with Trend Micro Zero Day Initiative Intel Graphics Driver Available for: macOS Catalina Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-30765: Liu Long of Ant Security Light-Year Lab CVE-2021-30766: Liu Long of Ant Security Light-Year Lab IOUSBHostFamily Available for: macOS Catalina Impact: An unprivileged application may be able to capture USB devices Description: This issue was addressed with improved checks. CVE-2021-30793: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong Lab LaunchServices Available for: macOS Catalina Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2021-30677: Ron Waisberg (@epsilan) LaunchServices Available for: macOS Catalina Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improved access restrictions. CVE-2021-30783: Ron Waisberg (@epsilan) Model I/O Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to a denial of service Description: A logic issue was addressed with improved validation. CVE-2021-30796: Mickey Jin (@patch1t) of Trend Micro Sandbox Available for: macOS Catalina Impact: A malicious application may be able to access restricted files Description: This issue was addressed with improved checks. CVE-2021-30782: Csaba Fitzl (@theevilbit) of Offensive Security WebKit Available for: macOS Catalina Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30799: Sergei Glazunov of Google Project Zero Additional recognition configd We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. CoreServices We would like to acknowledge Zhongcheng Li (CK01) for their assistance. CoreText We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance. Crash Reporter We would like to acknowledge Yizhuo Wang of Group of Software Security In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University for their assistance. crontabs We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. IOKit We would like to acknowledge George Nosenko for their assistance. Spotlight We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive Security for their assistance. Installation note: This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmD4r8cACgkQZcsbuWJ6 jjABdhAAirmXHOsGrxcCNUBGKp5vqFtTyyfgzZIqg5GE3uMS7+l08XUgh32opEHX qyAUtECbsBUZVTWYRDH1tFOIMU/BpVWZ1w4BOcg6cYTXSdDBqz57VUo71ivjsn4s MspZ+0so2nLhO2ZwnejQA1tFVH8s2DtScCzYiGjlu/bK61Nozu8E7LzHSksUn/Vp /68FMaYO8qmRkIZp68n6Avid+pfP8XAcBVuQtlttGX98JFN76u/uH9CuVk64r2Mp g2o5/Dw15OAOREOTwbcCxSoncHtUoEBSGykxJNRRnAC3zxPndHASA3uM7Ez5ubaa z9+LrMGXWnbWgOT9y1FSu6vtDDRgd37+syONU9Z2WlHs9nNpo+g2FzIl5/f6twgv 8npMDuCvwtg+I/lXEZBX/AobNq+/OXZDeRtEjeTBzy+gw4I74pkJajg3HwaxTLRV d+3hsWyQp1tRoeSMC/OErVLrpsV8FmXJyIEeZoaD2jliobz4/6km9CH6VimfPqGJ ZMQkX/m5yt3OqFXSh6i3ZWjXDRiqw2rVvLa2Ya8Me1PFmroRxj56AuelRM5+J9LG bBIsV87A+7J44q01OT0hy7JX/mg2wYcUKNglz7iNeeffbOTnDXlI+pP12gPKDkDW AT2oWHVljBg8aRBVSFB0wu5jctIWjQysbEQCnIDWiPWd4GVSOSs=agRk -----END PGP SIGNATURE-----

Trust: 2.52

sources: NVD: CVE-2021-30703 // JVNDB: JVNDB-2021-013526 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390436 // VULMON: CVE-2021-30703 // PACKETSTORM: 163647 // PACKETSTORM: 163649

AFFECTED PRODUCTS

vendor:	apple	model:	mac os x	scope:	lte	version:	10.15.6	Trust: 1.0
vendor:	apple	model:	iphone os	scope:	lt	version:	14.6	Trust: 1.0
vendor:	apple	model:	macos	scope:	lt	version:	11.4	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	lte	version:	10.14.5	Trust: 1.0
vendor:	apple	model:	ipados	scope:	lt	version:	14.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.14.6	Trust: 1.0
vendor:	apple	model:	watchos	scope:	lt	version:	7.5	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.14	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	gte	version:	10.15	Trust: 1.0
vendor:	apple	model:	tvos	scope:	lt	version:	14.6	Trust: 1.0
vendor:	apple	model:	mac os x	scope:	eq	version:	10.15.7	Trust: 1.0
vendor:	apple	model:	macos	scope:	gte	version:	11.0	Trust: 1.0
vendor:	アップル	model:	apple mac os x	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ipados	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	watchos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	ios	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	macos	scope:	-	version:	-	Trust: 0.8
vendor:	アップル	model:	tvos	scope:	-	version:	-	Trust: 0.8

sources: JVNDB: JVNDB-2021-013526 // NVD: CVE-2021-30703

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2021-30703
value:	HIGH
Trust: 1.0
NVD:	CVE-2021-30703
value:	HIGH
Trust: 0.8
CNNVD:	CNNVD-202104-975
value:	MEDIUM
Trust: 0.6
CNNVD:	CNNVD-202107-1621
value:	HIGH
Trust: 0.6
VULHUB:	VHN-390436
value:	HIGH
Trust: 0.1

nvd@nist.gov:	CVE-2021-30703
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
VULHUB:	VHN-390436
severity:	HIGH
baseScore:	7.2
vectorString:	AV:L/AC:L/AU:N/C:C/I:C/A:C
accessVector:	LOCAL
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	3.9
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.1

nvd@nist.gov:	CVE-2021-30703
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	1.8
impactScore:	5.9
version:	3.1
Trust: 1.0
NVD:	CVE-2021-30703
baseSeverity:	HIGH
baseScore:	7.8
vectorString:	CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
attackVector:	LOCAL
attackComplexity:	LOW
privilegesRequired:	LOW
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	NONE
impactScore:	NONE
version:	3.0
Trust: 0.8

sources: VULHUB: VHN-390436 // JVNDB: JVNDB-2021-013526 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1621 // NVD: CVE-2021-30703

PROBLEMTYPE DATA

problemtype:	CWE-415	Trust: 1.1
problemtype:	Double release (CWE-415) [NVD evaluation ]	Trust: 0.8

sources: VULHUB: VHN-390436 // JVNDB: JVNDB-2021-013526 // NVD: CVE-2021-30703

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202107-1621

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

PATCH

title:	HT212600 Apple Security update	url:	https://support.apple.com/en-us/HT212528	Trust: 0.8
title:	Apple macOS Mojave Remediation of resource management error vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=157229	Trust: 0.6

sources: JVNDB: JVNDB-2021-013526 // CNNVD: CNNVD-202107-1621

EXTERNAL IDS

db:	NVD	id:	CVE-2021-30703	Trust: 3.6
db:	JVNDB	id:	JVNDB-2021-013526	Trust: 0.8
db:	PACKETSTORM	id:	163647	Trust: 0.7
db:	CS-HELP	id:	SB2021041363	Trust: 0.6
db:	CNNVD	id:	CNNVD-202104-975	Trust: 0.6
db:	CS-HELP	id:	SB2021072219	Trust: 0.6
db:	CS-HELP	id:	SB2021072231	Trust: 0.6
db:	AUSCERT	id:	ESB-2021.2492	Trust: 0.6
db:	CNNVD	id:	CNNVD-202107-1621	Trust: 0.6
db:	VULHUB	id:	VHN-390436	Trust: 0.1
db:	VULMON	id:	CVE-2021-30703	Trust: 0.1
db:	PACKETSTORM	id:	163649	Trust: 0.1

sources: VULHUB: VHN-390436 // VULMON: CVE-2021-30703 // JVNDB: JVNDB-2021-013526 // PACKETSTORM: 163647 // PACKETSTORM: 163649 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202107-1621 // NVD: CVE-2021-30703

REFERENCES

url:	https://support.apple.com/en-us/ht212603	Trust: 2.3
url:	https://support.apple.com/en-us/ht212528	Trust: 1.7
url:	https://support.apple.com/en-us/ht212529	Trust: 1.7
url:	https://support.apple.com/en-us/ht212532	Trust: 1.7
url:	https://support.apple.com/en-us/ht212533	Trust: 1.7
url:	https://support.apple.com/en-us/ht212600	Trust: 1.7
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30703	Trust: 1.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021041363	Trust: 0.6
url:	https://packetstormsecurity.com/files/163647/apple-security-advisory-2021-07-21-3.html	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072219	Trust: 0.6
url:	https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-35970	Trust: 0.6
url:	https://www.auscert.org.au/bulletins/esb-2021.2492	Trust: 0.6
url:	https://www.cybersecurity-help.cz/vdb/sb2021072231	Trust: 0.6
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30799	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30781	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30777	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30793	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30733	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30790	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30788	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30787	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30766	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30765	Trust: 0.2
url:	https://support.apple.com/downloads/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30672	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30805	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30780	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30759	Trust: 0.2
url:	https://www.apple.com/support/security/pgp/	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30782	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30760	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30677	Trust: 0.2
url:	https://support.apple.com/kb/ht201222	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30783	Trust: 0.2
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30796	Trust: 0.2
url:	http://seclists.org/fulldisclosure/2021/jul/56	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30768	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30776	Trust: 0.1
url:	https://support.apple.com/ht212600.	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30789	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30731	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30775	Trust: 0.1
url:	https://nvd.nist.gov/vuln/detail/cve-2021-30785	Trust: 0.1
url:	https://support.apple.com/ht212603.	Trust: 0.1

CREDITS

Apple

Trust: 0.2

sources: PACKETSTORM: 163647 // PACKETSTORM: 163649

SOURCES

db:	VULHUB	id:	VHN-390436
db:	VULMON	id:	CVE-2021-30703
db:	JVNDB	id:	JVNDB-2021-013526
db:	PACKETSTORM	id:	163647
db:	PACKETSTORM	id:	163649
db:	CNNVD	id:	CNNVD-202104-975
db:	CNNVD	id:	CNNVD-202107-1621
db:	NVD	id:	CVE-2021-30703

LAST UPDATE DATE

2024-08-14T12:13:16.642000+00:00

SOURCES UPDATE DATE

db:	VULHUB	id:	VHN-390436	date:	2021-09-17T00:00:00
db:	JVNDB	id:	JVNDB-2021-013526	date:	2022-09-15T03:20:00
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-14T00:00:00
db:	CNNVD	id:	CNNVD-202107-1621	date:	2021-09-18T00:00:00
db:	NVD	id:	CVE-2021-30703	date:	2021-09-17T18:40:49.293

SOURCES RELEASE DATE

db:	VULHUB	id:	VHN-390436	date:	2021-09-08T00:00:00
db:	JVNDB	id:	JVNDB-2021-013526	date:	2022-09-15T00:00:00
db:	PACKETSTORM	id:	163647	date:	2021-07-23T15:30:33
db:	PACKETSTORM	id:	163649	date:	2021-07-23T15:31:52
db:	CNNVD	id:	CNNVD-202104-975	date:	2021-04-13T00:00:00
db:	CNNVD	id:	CNNVD-202107-1621	date:	2021-07-21T00:00:00
db:	NVD	id:	CVE-2021-30703	date:	2021-09-08T15:15:15.447