ID

VAR-202109-1756


CVE

CVE-2021-30677


TITLE

plural  Apple  Product vulnerabilities

Trust: 0.8

sources: JVNDB: JVNDB-2021-013486

DESCRIPTION

This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to break out of its sandbox. plural Apple There are unspecified vulnerabilities in the product.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. Apple tvOS is a smart TV operating system developed by Apple (Apple). Apple tvOS has a security feature issue vulnerability that stems from a logic issue in LaunchServices. The vulnerability allows native applications to bypass implemented security restrictions. Affected products and versions: tvOS: 14.0 18J386, 14.0.1 18J400, 14.0.2 18J411, 14.2 18K57, 14.3 18K561, 14.4 18K802, 14.5 18L204. iOS 14.6 and iPadOS 14.6. CVE-2021-30714: @08Tc3wBB of ZecOps, and George Nosenko CommCenter Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A device may accept invalid activation results Description: A logic issue was addressed with improved restrictions. CVE-2021-30740: Linus Henze (pinauten.de) Kernel Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: A malicious application may disclose restricted memory Description: This issue was addressed with improved checks. CVE-2021-23841: Tavis Ormandy of Google CVE-2021-30698: Tavis Ormandy of Google Wi-Fi Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) Impact: An attacker in WiFi range may be able to force a client to use a less secure authentication mechanism Description: A logic issue was addressed with improved validation. CommCenter We would like to acknowledge CHRISTIAN MINA and Stefan Sterz (@0x7374) of Secure Mobile Networking Lab at TU Darmstadt and Industrial Software at TU Wien for their assistance. Make sure you have an Internet connection and have installed the latest version of iTunes from https://www.apple.com/itunes/ iTunes and Software Update on the device will automatically check Apple's update server on its weekly schedule. When an update is detected, it is downloaded and the option to be installed is presented to the user when the iOS device is docked. We recommend applying the update immediately if possible. Selecting Don't Install will present the option the next time you connect your iOS device. The automatic update process may take up to a week depending on the day that iTunes or the device checks for updates. You may manually obtain the update via the Check for Updates button within iTunes, or the Software Update on your device. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-05-25-2 macOS Big Sur 11.4 macOS Big Sur 11.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212529. AMD Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30678: Yu Wang of Didi Research America AMD Available for: macOS Big Sur Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: A logic issue was addressed with improved state management. CVE-2021-30676: shrek_wzw App Store Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: A path handling issue was addressed with improved validation. CVE-2021-30688: Thijs Alkemade of Computest Research Division AppleScript Available for: macOS Big Sur Impact: A malicious application may bypass Gatekeeper checks Description: A logic issue was addressed with improved state management. CVE-2021-30669: Yair Hoffmann Audio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day Initiative Audio Available for: macOS Big Sur Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro Core Services Available for: macOS Big Sur Impact: A malicious application may be able to gain root privileges Description: A validation issue existed in the handling of symlinks. CVE-2021-30681: Zhongcheng Li (CK01) CoreAudio Available for: macOS Big Sur Impact: Processing a maliciously crafted audio file may disclose restricted memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30686: Mickey Jin of Trend Micro Crash Reporter Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: A logic issue was addressed with improved state management. CVE-2021-30727: Cees Elzinga CVMS Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro Dock Available for: macOS Big Sur Impact: A malicious application may be able to access a user's call history Description: An access issue was addressed with improved access restrictions. CVE-2021-30673: Josh Parnham (@joshparnham) Graphics Drivers Available for: macOS Big Sur Impact: A remote attacker may cause an unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30684: Liu Long of Ant Security Light-Year Lab Graphics Drivers Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30735: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative Heimdal Available for: macOS Big Sur Impact: A local user may be able to leak sensitive user information Description: A logic issue was addressed with improved state management. CVE-2021-30697: Gabe Kirkpatrick (@gabe_k) Heimdal Available for: macOS Big Sur Impact: A malicious application may cause a denial of service or potentially disclose memory contents Description: A memory corruption issue was addressed with improved state management. CVE-2021-30710: Gabe Kirkpatrick (@gabe_k) Heimdal Available for: macOS Big Sur Impact: A malicious application could execute arbitrary code leading to compromise of user information Description: A use after free issue was addressed with improved memory management. CVE-2021-30683: Gabe Kirkpatrick (@gabe_k) ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360 ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to disclosure of user information Description: This issue was addressed with improved checks. CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu Security ImageIO Available for: macOS Big Sur Impact: Processing a maliciously crafted ASTC file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30705: Ye Zhang of Baidu Security Intel Graphics Driver Available for: macOS Big Sur Impact: A local user may be able to cause unexpected system termination or read kernel memory Description: An out-of-bounds read issue was addressed by removing the vulnerable code. CVE-2021-30719: an anonymous researcher working with Trend Micro Zero Day Initiative Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-30728: Liu Long of Ant Security Light-Year Lab CVE-2021-30726: Yinyi Wu(@3ndy1) of Qihoo 360 Vulcan Team Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved validation. CVE-2021-30740: Linus Henze (pinauten.de) Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-30704: an anonymous researcher Kernel Available for: macOS Big Sur Impact: Processing a maliciously crafted message may lead to a denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30715: The UK's National Cyber Security Centre (NCSC) Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow was addressed with improved size validation. CVE-2021-30736: Ian Beer of Google Project Zero Kernel Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-30739: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab Kext Management Available for: macOS Big Sur Impact: A local user may be able to load unsigned kernel extensions Description: A logic issue was addressed with improved state management. CVE-2021-30680: Csaba Fitzl (@theevilbit) of Offensive Security LaunchServices Available for: macOS Big Sur Impact: A malicious application may be able to break out of its sandbox Description: This issue was addressed with improved environment sanitization. CVE-2021-30677: Ron Waisberg (@epsilan) Login Window Available for: macOS Big Sur Impact: A person with physical access to a Mac may be able to bypass Login Window Description: A logic issue was addressed with improved state management. CVE-2021-30702: Jewel Lambert of Original Spin, LLC. Mail Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to misrepresent application state Description: A logic issue was addressed with improved state management. CVE-2021-30696: Fabian Ising and Damian Poddebniak of Münster University of Applied Sciences Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An information disclosure issue was addressed with improved state management. CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved state management. CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A validation issue was addressed with improved logic. CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: This issue was addressed with improved checks. CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro NSOpenPanel Available for: macOS Big Sur Impact: An application may be able to gain elevated privileges Description: This issue was addressed by removing the vulnerable code. CVE-2021-30679: Gabe Kirkpatrick (@gabe_k) OpenLDAP Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-36226 CVE-2020-36227 CVE-2020-36223 CVE-2020-36224 CVE-2020-36225 CVE-2020-36221 CVE-2020-36228 CVE-2020-36222 CVE-2020-36230 CVE-2020-36229 PackageKit Available for: macOS Big Sur Impact: A malicious application may be able to overwrite arbitrary files Description: An issue with path validation logic for hardlinks was addressed with improved path sanitization. CVE-2021-30738: Qingyang Chen of Topsec Alpha Team and Csaba Fitzl (@theevilbit) of Offensive Security Security Available for: macOS Big Sur Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code. CVE-2021-30737: xerub smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to perform denial of service Description: A logic issue was addressed with improved state management. CVE-2021-30716: Aleksandar Nikolic of Cisco Talos smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to execute arbitrary code Description: A memory corruption issue was addressed with improved state management. CVE-2021-30717: Aleksandar Nikolic of Cisco Talos smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: A path handling issue was addressed with improved validation. CVE-2021-30721: Aleksandar Nikolic of Cisco Talos smbx Available for: macOS Big Sur Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An information disclosure issue was addressed with improved state management. CVE-2021-30722: Aleksandar Nikolic of Cisco Talos smbx Available for: macOS Big Sur Impact: A remote attacker may be able to cause unexpected application termination or arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2021-30712: Aleksandar Nikolic of Cisco Talos Software Update Available for: macOS Big Sur Impact: A person with physical access to a Mac may be able to bypass Login Window during a software update Description: This issue was addressed with improved checks. CVE-2021-30668: Syrus Kimiagar and Danilo Paffi Monteiro SoftwareUpdate Available for: macOS Big Sur Impact: A non-privileged user may be able to modify restricted settings Description: This issue was addressed with improved checks. CVE-2021-30718: SiQian Wei of ByteDance Security TCC Available for: macOS Big Sur Impact: A malicious application may be able to send unauthorized Apple events to Finder Description: A validation issue was addressed with improved logic. CVE-2021-30671: Ryan Bell (@iRyanBell) TCC Available for: macOS Big Sur Impact: A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30713: an anonymous researcher WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. CVE-2021-30744: Dan Hite of jsontop WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-21779: Marcin Towalski of Cisco Talos WebKit Available for: macOS Big Sur Impact: A malicious application may be able to leak sensitive user information Description: A logic issue was addressed with improved restrictions. CVE-2021-30682: an anonymous researcher and 1lastBr3ath WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to universal cross site scripting Description: A logic issue was addressed with improved state management. CVE-2021-30689: an anonymous researcher WebKit Available for: macOS Big Sur Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: Multiple memory corruption issues were addressed with improved memory handling. CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative WebKit Available for: macOS Big Sur Impact: A malicious website may be able to access restricted ports on arbitrary servers Description: A logic issue was addressed with improved restrictions. CVE-2021-30720: David Schütz (@xdavidhu) WebRTC Available for: macOS Big Sur Impact: A remote attacker may be able to cause a denial of service Description: A null pointer dereference was addressed with improved input validation. CVE-2021-23841: Tavis Ormandy of Google CVE-2021-30698: Tavis Ormandy of Google Additional recognition App Store We would like to acknowledge Thijs Alkemade of Computest Research Division for their assistance. CoreCapture We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant- financial TianQiong Security Lab for their assistance. ImageIO We would like to acknowledge Jzhu working with Trend Micro Zero Day Initiative and an anonymous researcher for their assistance. Mail Drafts We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their assistance. WebKit We would like to acknowledge Chris Salls (@salls) of Makai Security for their assistance. Installation note: This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/ Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222 This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/ -----BEGIN PGP SIGNATURE----- iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9AACgkQZcsbuWJ6 jjDC5g/+P0Hya9smOX6XVhxtnwe+vh2d5zOrKLBymdkvDPGw1UQoGOq08+7eu02Q vsManS/aP1UKNcMnbALHNFbFXv61ZjWi+71qgGGAQAe3EtYTJchBiIIyOBNIHoOJ 8X9sOeiyFzOOKw+GyVsBMNRL9Oh678USC4qgyyO5u2+Oexehu+6N9YNdAzwZgy6o muP+NlZ08s80ahRfq/6q8uKj7+Is0k5OEdxpWTnJOoXUDzZPj4Vo7H0HL6zjuqg3 CurJQABF3kDBWgZCvroMU6/HpbilGPE+JUFV7HPfaMe6iE3FsfrOq101w+/ovuNM hJ3yk/QENoh5BYdHKJo7zPVZBteGX20EVPdWfTsnz6a/hk568A+ICiupFIqwEuQv esIBWzgab9YUb2fAaZ071Z+lSn0Rj7tm3V/rhdwq19tYD3Q7BqEJ+YxYCH2zvyIB mP4/NoMpsDiTqFradR8Skac5uwINpZzAHjFyWLj0QVWVMxyQB8EGshR16YPkMryJ rjGyNIqZPcZ/Z6KJqpvNJrfI+b0oeqFMBUwpwK/7aQFPP/MvsM+UVSySipRiqwoa WAHMuY4SQwcseok7N6Rf+zAEYm9Nc+YglYpTW2taw6g0vWNIuCbyzPdC/Srrjw98 od2jLahPwyoBg6WBvXoZ6H4YOWFAywf225nYk3l5ATsG6rNbhYk= =Avma -----END PGP SIGNATURE----- . Crash Reporter We would like to acknowledge Yizhuo Wang of Group of Software Security In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University for their assistance

Trust: 2.88

sources: NVD: CVE-2021-30677 // JVNDB: JVNDB-2021-013486 // CNNVD: CNNVD-202104-975 // VULHUB: VHN-390410 // VULMON: CVE-2021-30677 // PACKETSTORM: 162823 // PACKETSTORM: 162825 // PACKETSTORM: 162826 // PACKETSTORM: 162827 // PACKETSTORM: 163647 // PACKETSTORM: 163649

AFFECTED PRODUCTS

vendor:applemodel:mac os xscope:lteversion:10.15.6

Trust: 1.0

vendor:applemodel:iphone osscope:ltversion:14.6

Trust: 1.0

vendor:applemodel:macosscope:ltversion:11.4

Trust: 1.0

vendor:applemodel:mac os xscope:lteversion:10.14.5

Trust: 1.0

vendor:applemodel:ipadosscope:ltversion:14.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.14.6

Trust: 1.0

vendor:applemodel:watchosscope:ltversion:7.5

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.14

Trust: 1.0

vendor:applemodel:mac os xscope:gteversion:10.15

Trust: 1.0

vendor:applemodel:tvosscope:ltversion:14.6

Trust: 1.0

vendor:applemodel:mac os xscope:eqversion:10.15.7

Trust: 1.0

vendor:applemodel:macosscope:gteversion:11.0

Trust: 1.0

vendor:アップルmodel:apple mac os xscope: - version: -

Trust: 0.8

vendor:アップルmodel:ipadosscope: - version: -

Trust: 0.8

vendor:アップルmodel:watchosscope: - version: -

Trust: 0.8

vendor:アップルmodel:iosscope: - version: -

Trust: 0.8

vendor:アップルmodel:macosscope: - version: -

Trust: 0.8

vendor:アップルmodel:tvosscope: - version: -

Trust: 0.8

sources: JVNDB: JVNDB-2021-013486 // NVD: CVE-2021-30677

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2021-30677
value: HIGH

Trust: 1.0

NVD: CVE-2021-30677
value: HIGH

Trust: 0.8

CNNVD: CNNVD-202104-975
value: MEDIUM

Trust: 0.6

CNNVD: CNNVD-202105-1565
value: HIGH

Trust: 0.6

VULHUB: VHN-390410
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2021-30677
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.8

VULHUB: VHN-390410
severity: MEDIUM
baseScore: 4.6
vectorString: AV:L/AC:L/AU:N/C:P/I:P/A:P
accessVector: LOCAL
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 3.9
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

nvd@nist.gov: CVE-2021-30677
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: 2.0
impactScore: 6.0
version: 3.1

Trust: 1.0

NVD: CVE-2021-30677
baseSeverity: HIGH
baseScore: 8.8
vectorString: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
attackVector: LOCAL
attackComplexity: LOW
privilegesRequired: LOW
userInteraction: NONE
scope: CHANGED
confidentialityImpact: HIGH
integrityImpact: HIGH
availabilityImpact: HIGH
exploitabilityScore: NONE
impactScore: NONE
version: 3.0

Trust: 0.8

sources: VULHUB: VHN-390410 // JVNDB: JVNDB-2021-013486 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1565 // NVD: CVE-2021-30677

PROBLEMTYPE DATA

problemtype:NVD-CWE-noinfo

Trust: 1.0

problemtype:Lack of information (CWE-noinfo) [NVD evaluation ]

Trust: 0.8

sources: JVNDB: JVNDB-2021-013486 // NVD: CVE-2021-30677

THREAT TYPE

local

Trust: 0.6

sources: CNNVD: CNNVD-202105-1565

TYPE

other

Trust: 0.6

sources: CNNVD: CNNVD-202104-975

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-390410

PATCH

title:HT212603 Apple  Security updateurl:https://support.apple.com/en-us/HT212528

Trust: 0.8

title:Apple tvOS Fixing measures for security feature vulnerabilitiesurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=151750

Trust: 0.6

title:Apple: iOS 14.6 and iPadOS 14.6url:https://vulmon.com/vendoradvisory?qidtp=apple_security_advisories&qid=aebc753d2fbbe6784a52339b16fd5417

Trust: 0.1

sources: VULMON: CVE-2021-30677 // JVNDB: JVNDB-2021-013486 // CNNVD: CNNVD-202105-1565

EXTERNAL IDS

db:NVDid:CVE-2021-30677

Trust: 4.0

db:PACKETSTORMid:162823

Trust: 0.8

db:JVNDBid:JVNDB-2021-013486

Trust: 0.8

db:CNNVDid:CNNVD-202105-1565

Trust: 0.7

db:PACKETSTORMid:163647

Trust: 0.7

db:CS-HELPid:SB2021041363

Trust: 0.6

db:CNNVDid:CNNVD-202104-975

Trust: 0.6

db:CS-HELPid:SB2021052503

Trust: 0.6

db:CS-HELPid:SB2021072231

Trust: 0.6

db:CS-HELPid:SB2021072219

Trust: 0.6

db:AUSCERTid:ESB-2021.1794

Trust: 0.6

db:AUSCERTid:ESB-2021.2492

Trust: 0.6

db:PACKETSTORMid:162826

Trust: 0.2

db:PACKETSTORMid:162825

Trust: 0.2

db:PACKETSTORMid:162827

Trust: 0.2

db:VULHUBid:VHN-390410

Trust: 0.1

db:VULMONid:CVE-2021-30677

Trust: 0.1

db:PACKETSTORMid:163649

Trust: 0.1

sources: VULHUB: VHN-390410 // VULMON: CVE-2021-30677 // JVNDB: JVNDB-2021-013486 // PACKETSTORM: 162823 // PACKETSTORM: 162825 // PACKETSTORM: 162826 // PACKETSTORM: 162827 // PACKETSTORM: 163647 // PACKETSTORM: 163649 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1565 // NVD: CVE-2021-30677

REFERENCES

url:https://support.apple.com/en-us/ht212603

Trust: 2.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30677

Trust: 2.0

url:https://support.apple.com/kb/ht212602

Trust: 1.7

url:https://support.apple.com/en-us/ht212528

Trust: 1.7

url:https://support.apple.com/en-us/ht212529

Trust: 1.7

url:https://support.apple.com/en-us/ht212532

Trust: 1.7

url:https://support.apple.com/en-us/ht212533

Trust: 1.7

url:https://support.apple.com/en-us/ht212600

Trust: 1.7

url:https://www.apple.com/support/security/pgp/

Trust: 0.6

url:https://support.apple.com/kb/ht201222

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021041363

Trust: 0.6

url:https://packetstormsecurity.com/files/163647/apple-security-advisory-2021-07-21-3.html

Trust: 0.6

url:https://vigilance.fr/vulnerability/apple-ios-multiple-vulnerabilities-35513

Trust: 0.6

url:https://packetstormsecurity.com/files/162823/apple-security-advisory-2021-05-25-1.html

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021052503

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072219

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.1794

Trust: 0.6

url:https://www.auscert.org.au/bulletins/esb-2021.2492

Trust: 0.6

url:https://www.cybersecurity-help.cz/vdb/sb2021072231

Trust: 0.6

url:https://nvd.nist.gov/vuln/detail/cve-2021-21779

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-30685

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-30682

Trust: 0.4

url:https://nvd.nist.gov/vuln/detail/cve-2021-30689

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30705

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30697

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30704

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30707

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30686

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30687

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30681

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30700

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-30701

Trust: 0.3

url:https://support.apple.com/downloads/

Trust: 0.3

url:https://nvd.nist.gov/vuln/detail/cve-2021-23841

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30744

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30715

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30749

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30740

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30710

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30737

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30736

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30720

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30727

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30724

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30734

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30799

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30781

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30777

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30793

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30733

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30790

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30788

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30787

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30766

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30765

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30672

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30805

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30780

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30759

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30703

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30782

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30760

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30783

Trust: 0.2

url:https://nvd.nist.gov/vuln/detail/cve-2021-30796

Trust: 0.2

url:https://support.apple.com/kb/ht212528

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30709

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30695

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30708

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30698

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30699

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30694

Trust: 0.1

url:https://www.apple.com/itunes/

Trust: 0.1

url:https://support.apple.com/ht212528.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30674

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30693

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30667

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30691

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30692

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30663

Trust: 0.1

url:https://support.apple.com/ht212532.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30665

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36228

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30684

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36222

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30671

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30669

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36221

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36225

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30676

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36226

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36224

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36229

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36223

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30679

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30673

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30678

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36230

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30680

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2020-36227

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30683

Trust: 0.1

url:https://support.apple.com/ht212529.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30668

Trust: 0.1

url:https://support.apple.com/ht212533.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30768

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30776

Trust: 0.1

url:https://support.apple.com/ht212600.

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30789

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30731

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30775

Trust: 0.1

url:https://nvd.nist.gov/vuln/detail/cve-2021-30785

Trust: 0.1

url:https://support.apple.com/ht212603.

Trust: 0.1

sources: VULHUB: VHN-390410 // VULMON: CVE-2021-30677 // JVNDB: JVNDB-2021-013486 // PACKETSTORM: 162823 // PACKETSTORM: 162825 // PACKETSTORM: 162826 // PACKETSTORM: 162827 // PACKETSTORM: 163647 // PACKETSTORM: 163649 // CNNVD: CNNVD-202104-975 // CNNVD: CNNVD-202105-1565 // NVD: CVE-2021-30677

CREDITS

Apple

Trust: 0.6

sources: PACKETSTORM: 162823 // PACKETSTORM: 162825 // PACKETSTORM: 162826 // PACKETSTORM: 162827 // PACKETSTORM: 163647 // PACKETSTORM: 163649

SOURCES

db:VULHUBid:VHN-390410
db:VULMONid:CVE-2021-30677
db:JVNDBid:JVNDB-2021-013486
db:PACKETSTORMid:162823
db:PACKETSTORMid:162825
db:PACKETSTORMid:162826
db:PACKETSTORMid:162827
db:PACKETSTORMid:163647
db:PACKETSTORMid:163649
db:CNNVDid:CNNVD-202104-975
db:CNNVDid:CNNVD-202105-1565
db:NVDid:CVE-2021-30677

LAST UPDATE DATE

2024-08-14T12:36:00.683000+00:00


SOURCES UPDATE DATE

db:VULHUBid:VHN-390410date:2021-11-03T00:00:00
db:JVNDBid:JVNDB-2021-013486date:2022-09-14T04:39:00
db:CNNVDid:CNNVD-202104-975date:2021-04-14T00:00:00
db:CNNVDid:CNNVD-202105-1565date:2021-10-28T00:00:00
db:NVDid:CVE-2021-30677date:2021-11-03T20:22:43.107

SOURCES RELEASE DATE

db:VULHUBid:VHN-390410date:2021-09-08T00:00:00
db:JVNDBid:JVNDB-2021-013486date:2022-09-14T00:00:00
db:PACKETSTORMid:162823date:2021-05-26T17:48:03
db:PACKETSTORMid:162825date:2021-05-26T17:50:13
db:PACKETSTORMid:162826date:2021-05-26T17:50:31
db:PACKETSTORMid:162827date:2021-05-26T17:50:55
db:PACKETSTORMid:163647date:2021-07-23T15:30:33
db:PACKETSTORMid:163649date:2021-07-23T15:31:52
db:CNNVDid:CNNVD-202104-975date:2021-04-13T00:00:00
db:CNNVDid:CNNVD-202105-1565date:2021-05-25T00:00:00
db:NVDid:CVE-2021-30677date:2021-09-08T15:15:14.123