cvelistv5 - CVE-2021-1797

CVE-2021-1797 (GCVE-0-2021-1797)

Vulnerability from cvelistv5

Published

2021-04-02 18:04

Modified

2024-08-03 16:25

Severity ?

CWE

A local user may be able to read arbitrary files

Summary

References

URL

Tags

product-security@apple.com	http://seclists.org/fulldisclosure/2021/Apr/51	Mailing List, Third Party Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212146	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212147	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212148	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212149	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT212326	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT212327	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Apr/51	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212146	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212147	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212148	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212149	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT212326	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT212327	Vendor Advisory

Impacted products

Vendor

Product

Version

Apple

iOS and iPadOS

Version: unspecified < 14.4

Apple	macOS	Version: unspecified < 11.2
Apple	macOS	Version: unspecified < 7.3
Apple	macOS	Version: unspecified < 14.4

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T16:25:04.792Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212147"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212146"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212148"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212149"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212326"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212327"
          },
          {
            "name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Apr/51"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "iOS and iPadOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.2",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "7.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A local user may be able to read arbitrary files",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-04-27T20:06:41",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212147"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212146"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212148"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212149"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212326"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212327"
        },
        {
          "name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Apr/51"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2021-1797",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "iOS and iPadOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "14.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "11.2"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "14.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "A local user may be able to read arbitrary files"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212147",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212147"
            },
            {
              "name": "https://support.apple.com/en-us/HT212146",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212146"
            },
            {
              "name": "https://support.apple.com/en-us/HT212148",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212148"
            },
            {
              "name": "https://support.apple.com/en-us/HT212149",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212149"
            },
            {
              "name": "https://support.apple.com/kb/HT212326",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT212326"
            },
            {
              "name": "https://support.apple.com/kb/HT212327",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT212327"
            },
            {
              "name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Apr/51"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2021-1797",
    "datePublished": "2021-04-02T18:04:01",
    "dateReserved": "2020-12-08T00:00:00",
    "dateUpdated": "2024-08-03T16:25:04.792Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-1797\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2021-04-02T19:15:19.520\",\"lastModified\":\"2024-11-21T05:45:08.047\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files.\"},{\"lang\":\"es\",\"value\":\"El problema se abord\u00f3 con una l\u00f3gica de permisos mejorada.\u0026#xa0;Este problema es corregido en macOS Big Sur versi\u00f3n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS versi\u00f3n 7.3, tvOS versi\u00f3n 14.4, iOS versi\u00f3n 14.4 y iPadOS versi\u00f3n 14.4.\u0026#xa0;Un usuario local puede ser capaz de leer archivos arbitrarios.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:N/A:N\",\"baseScore\":2.1,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"NONE\"},\"baseSeverity\":\"LOW\",\"exploitabilityScore\":3.9,\"impactScore\":2.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.4\",\"matchCriteriaId\":\"527CAF62-2FF0-4BC9-A537-EE52825C7504\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.4\",\"matchCriteriaId\":\"062166D7-2444-4022-B7E4-13884C43EDCA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"10.14.6\",\"matchCriteriaId\":\"B0E97851-4DFF-4852-A339-183331F4ACBC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.15\",\"versionEndExcluding\":\"10.15.7\",\"matchCriteriaId\":\"DB8A73F8-3074-4B32-B9F6-343B6B1988C5\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"85D21088-00C3-401A-97EE-999424A39F0A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"CFE26ECC-A2C2-4501-9950-510DE0E1BD86\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"26108BEF-0847-4AB0-BD98-35344DFA7835\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"0FD3467D-7679-479F-9C0B-A93F7CD0929D\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"D4C6098E-EDBD-4A85-8282-B2E9D9333872\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*\",\"matchCriteriaId\":\"518BB47B-DD76-4E8C-9F10-7EBC1E146191\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*\",\"matchCriteriaId\":\"63940A55-D851-46EB-9668-D82BEFC1FE95\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*\",\"matchCriteriaId\":\"68C7A97A-3801-44FA-96CA-10298FA39883\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*\",\"matchCriteriaId\":\"6D69914D-46C7-4A0E-A075-C863C1692D33\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*\",\"matchCriteriaId\":\"9CDB4476-B521-43E4-A129-8718A8E0A8CD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"9D072B77-BE3F-4A2E-B66A-E2C8DC3781E4\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A654B8A2-FC30-4171-B0BB-366CD7ED4B6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1F4BF7F-90D4-4668-B4E6-B06F4070F448\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F441A43-1669-478D-9EC8-E96882DE4F9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*\",\"matchCriteriaId\":\"C1C795B9-E58D-467C-83A8-2D45C792292F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"11.0.1\",\"versionEndExcluding\":\"11.2\",\"matchCriteriaId\":\"084F8722-A895-4FC2-821E-DF0B129653BC\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.4\",\"matchCriteriaId\":\"7320CF7C-3750-4CAA-8B7C-CAFC7E65354A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.3\",\"matchCriteriaId\":\"9AA4C59B-EC23-4723-9DFF-412938209DE5\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2021/Apr/51\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212146\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212147\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212148\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212149\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212326\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212327\",\"source\":\"product-security@apple.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Apr/51\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212146\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212147\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212148\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212149\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212326\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212327\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}"
  }
}

var-202104-0620

Vulnerability from variot

The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. A security vulnerability exists in Apple macOS due to applications not properly imposing security restrictions within the APFS component of macOS. Vulnerabilities exist in the following products or versions: macOS 11.0, macOS 11.0.1, macOS 11.1. Information about the security content is also available at https://support.apple.com/HT212327. CVE-2021-1797: Thomas Tempelmann

Audio Available for: macOS Mojave Impact: An application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab

CFNetwork Available for: macOS Mojave Impact: Processing maliciously crafted web content may disclose sensitive user information Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1857: an anonymous researcher

CoreAudio Available for: macOS Mojave Impact: A malicious application may be able to read restricted memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab

CoreGraphics Available for: macOS Mojave Impact: Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution Description: A memory corruption issue was addressed with improved validation. CVE-2021-1847: Xuwei Liu of Purdue University

CoreText Available for: macOS Mojave Impact: Processing a maliciously crafted font may result in the disclosure of process memory Description: A logic issue was addressed with improved state management. CVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab

curl Available for: macOS Mojave Impact: A remote attacker may be able to cause a denial of service Description: A buffer overflow was addressed with improved input validation. CVE-2020-8285: xnynx

curl Available for: macOS Mojave Impact: An attacker may provide a fraudulent OCSP response that would appear valid Description: This issue was addressed with improved checks. CVE-2020-8286: an anonymous researcher

DiskArbitration Available for: macOS Mojave Impact: A malicious application may be able to modify protected parts of the file system Description: A permissions issue existed in DiskArbitration. This was addressed with additional ownership checks. CVE-2021-1784: Csaba Fitzl (@theevilbit) of Offensive Security, an anonymous researcher, and Mikko Kenttälä (@Turmio_) of SensorFu

FontParser Available for: macOS Mojave Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-1881: Hou JingYi (@hjy79425575) of Qihoo 360, an anonymous researcher, Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin of Trend Micro

FontParser Available for: macOS Mojave Impact: Processing a maliciously crafted font file may lead to arbitrary code execution Description: A logic issue was addressed with improved state management. CVE-2020-27942: an anonymous researcher

Foundation Available for: macOS Mojave Impact: A malicious application may be able to gain root privileges Description: A validation issue was addressed with improved logic. CVE-2021-1813: Cees Elzinga

ImageIO Available for: macOS Mojave Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-1843: Ye Zhang of Baidu Security

Intel Graphics Driver Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-1805: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

Intel Graphics Driver Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with additional validation. CVE-2021-1806: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

Intel Graphics Driver Available for: macOS Mojave Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds write issue was addressed with improved bounds checking. CVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day Initiative

Kernel Available for: macOS Mojave Impact: A malicious application may be able to disclose kernel memory Description: A memory initialization issue was addressed with improved memory handling. CVE-2021-1860: @0xalsr

Kernel Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with kernel privileges Description: A logic issue was addressed with improved state management. CVE-2021-1851: @0xalsr

Kernel Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved validation. CVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

libxpc Available for: macOS Mojave Impact: A malicious application may be able to gain root privileges Description: A race condition was addressed with additional validation. CVE-2021-30652: James Hutchins

libxslt Available for: macOS Mojave Impact: Processing a maliciously crafted file may lead to heap corruption Description: A double free issue was addressed with improved memory management. CVE-2021-1875: Found by OSS-Fuzz

NSRemoteView Available for: macOS Mojave Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management. CVE-2021-1876: Matthew Denton of Google Chrome

Preferences Available for: macOS Mojave Impact: A local user may be able to modify protected parts of the file system Description: A parsing issue in the handling of directory paths was addressed with improved path validation. CVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

smbx Available for: macOS Mojave Impact: An attacker in a privileged network position may be able to leak sensitive user information Description: An integer overflow was addressed with improved input validation. CVE-2021-1878: Aleksandar Nikolic of Cisco Talos (talosintelligence.com)

Tailspin Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: A logic issue was addressed with improved state management. CVE-2021-1868: Tim Michaud of Zoom Communications

tcpdump Available for: macOS Mojave Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed with improved checks. CVE-2020-8037: an anonymous researcher

Time Machine Available for: macOS Mojave Impact: A local attacker may be able to elevate their privileges Description: The issue was addressed with improved permissions logic. CVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications and Gary Nield of ECSC Group plc

Wi-Fi Available for: macOS Mojave Impact: An application may be able to cause unexpected system termination or write kernel memory Description: A memory corruption issue was addressed with improved validation. CVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong Security Lab

wifivelocityd Available for: macOS Mojave Impact: An application may be able to execute arbitrary code with system privileges Description: The issue was addressed with improved permissions logic. CVE-2020-3838: Dayton Pidhirney (@_watbulb)

Windows Server Available for: macOS Mojave Impact: A malicious application may be able to unexpectedly leak a user's credentials from secure text fields Description: An API issue in Accessibility TCC permissions was addressed with improved state management. CVE-2021-1873: an anonymous researcher

Installation note:

This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO2EACgkQZcsbuWJ6 jjBHBhAAmHYbcREaaxOXQwrb56He+ool1GyXUCGknHRnEO6Ik0nyE/GeUPuv8Y/Q /ywr188mv3ehtjFlXWpHtqwOn0KoNlAlcE+jy9r3QGTxNmBM2z30FeC0wiYYEi7s I5xWkZIcnO1jq2CMGVHHfbLhyLnkWblwWvCOWriCRzbTocEWgEqwrh/uguTVRWB4 oVo8+uHcdiS2gqS0LIMbbvP6SGkfPwVlL8Mr/e96xdditiRbZX01GkAm0l5ezYHt xrs8378fmQK3su4dHrkHpFpTmT3Yib8Jtotat8cgu6lWxLGEFR5kOye4QIjFCl/a UhnR52nlMyYlh4anbqUs7PAh2QDVa3scaRfGTdAogPfaZIAhaaiuj8qXUOsAxEhk rf0TOXmgCDfhuaA08Ys43sgUgunPLOa2+jMT4VspLZxDTkWLDrGFjlM4P5643WrT ITAKLoqq8SOhce6gd3VECvG+EK/fBWrdwzsVDzfxU3yW3kSCKxX25KcRePwJZAAu s1ZZpIZdY7rmi1DwafNSig2dncjUZJy6AhiI5w6cpQzBOQVioU8oac2JDi1X2Rn1 k/D3VQfmYas7HGqUSwx3MUx+yybktm+8Ogo+vtcRKCzUF5t13bwpyAda0mJ62c6L I/ISWomRdC4XX3AQL5EJLzO9slpOBqWsbQb0cULdt+mb4H+nLDE= =NZ77 -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202104-0620",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15"
      },
      {
        "model": "macos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.0.1"
      },
      {
        "model": "tvos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.4"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.6"
      },
      {
        "model": "iphone os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.4"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.2"
      },
      {
        "model": "ipad os",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "14.4"
      },
      {
        "model": "watchos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "7.3"
      },
      {
        "model": "mac os x",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.14.6"
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1797"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "162360"
      },
      {
        "db": "PACKETSTORM",
        "id": "162362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-079"
      }
    ],
    "trust": 0.8
  },
  "cve": "CVE-2021-1797",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "CVE-2021-1797",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 1.1,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-376457",
            "impactScore": 2.9,
            "integrityImpact": "NONE",
            "severity": "LOW",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:N/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "id": "CVE-2021-1797",
            "impactScore": 3.6,
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2021-1797",
            "trust": 1.0,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202102-079",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "VULHUB",
            "id": "VHN-376457",
            "trust": 0.1,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-1797",
            "trust": 0.1,
            "value": "LOW"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376457"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1797"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-079"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1797"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files. Apple macOS is a set of dedicated operating systems developed by Apple Corporation for Mac computers. A security vulnerability exists in Apple macOS due to applications not properly imposing security restrictions within the APFS component of macOS. Vulnerabilities exist in the following products or versions: macOS 11.0, macOS 11.0.1, macOS 11.1. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212327. \nCVE-2021-1797: Thomas Tempelmann\n\nAudio\nAvailable for: macOS Mojave\nImpact: An application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1808: JunDong Xie of Ant Security Light-Year Lab\n\nCFNetwork\nAvailable for: macOS Mojave\nImpact: Processing maliciously crafted web content may disclose\nsensitive user information\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1857: an anonymous researcher\n\nCoreAudio\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to read restricted memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1809: JunDong Xie of Ant Security Light-Year Lab\n\nCoreGraphics\nAvailable for: macOS Mojave\nImpact: Opening a maliciously crafted file may lead to unexpected\napplication termination or arbitrary code execution\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1847: Xuwei Liu of Purdue University\n\nCoreText\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted font may result in the\ndisclosure of process memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1811: Xingwei Lin of Ant Security Light-Year Lab\n\ncurl\nAvailable for: macOS Mojave\nImpact: A remote attacker may be able to cause a denial of service\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2020-8285: xnynx\n\ncurl\nAvailable for: macOS Mojave\nImpact: An attacker may provide a fraudulent OCSP response that would\nappear valid\nDescription: This issue was addressed with improved checks. \nCVE-2020-8286: an anonymous researcher\n\nDiskArbitration\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: A permissions issue existed in DiskArbitration. This was\naddressed with additional ownership checks. \nCVE-2021-1784: Csaba Fitzl (@theevilbit) of Offensive Security, an\nanonymous researcher, and Mikko Kentt\u00e4l\u00e4 (@Turmio_) of SensorFu\n\nFontParser\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-1881: Hou JingYi (@hjy79425575) of Qihoo 360, an anonymous\nresearcher, Xingwei Lin of Ant Security Light-Year Lab, and Mickey\nJin of Trend Micro\n\nFontParser\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted font file may lead to\narbitrary code execution\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2020-27942: an anonymous researcher\n\nFoundation\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to gain root privileges\nDescription: A validation issue was addressed with improved logic. \nCVE-2021-1813: Cees Elzinga\n\nImageIO\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-1843: Ye Zhang of Baidu Security\n\nIntel Graphics Driver\nAvailable for: macOS Mojave\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-1805: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nIntel Graphics Driver\nAvailable for: macOS Mojave\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2021-1806: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nIntel Graphics Driver\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds write issue was addressed with improved\nbounds checking. \nCVE-2021-1834: ABC Research s.r.o. working with Trend Micro Zero Day\nInitiative\n\nKernel\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to disclose kernel memory\nDescription: A memory initialization issue was addressed with\nimproved memory handling. \nCVE-2021-1860: @0xalsr\n\nKernel\nAvailable for: macOS Mojave\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1851: @0xalsr\n\nKernel\nAvailable for: macOS Mojave\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1840: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nlibxpc\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to gain root privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2021-30652: James Hutchins\n\nlibxslt\nAvailable for: macOS Mojave\nImpact: Processing a maliciously crafted file may lead to heap\ncorruption\nDescription: A double free issue was addressed with improved memory\nmanagement. \nCVE-2021-1875: Found by OSS-Fuzz\n\nNSRemoteView\nAvailable for: macOS Mojave\nImpact: Processing maliciously crafted web content may lead to\narbitrary code execution\nDescription: A use after free issue was addressed with improved\nmemory management. \nCVE-2021-1876: Matthew Denton of Google Chrome\n\nPreferences\nAvailable for: macOS Mojave\nImpact: A local user may be able to modify protected parts of the\nfile system\nDescription: A parsing issue in the handling of directory paths was\naddressed with improved path validation. \nCVE-2021-1739: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\n\nsmbx\nAvailable for: macOS Mojave\nImpact: An attacker in a privileged network position may be able to\nleak sensitive user information\nDescription: An integer overflow was addressed with improved input\nvalidation. \nCVE-2021-1878: Aleksandar Nikolic of Cisco Talos\n(talosintelligence.com)\n\nTailspin\nAvailable for: macOS Mojave\nImpact: A local attacker may be able to elevate their privileges\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-1868: Tim Michaud of Zoom Communications\n\ntcpdump\nAvailable for: macOS Mojave\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed with improved checks. \nCVE-2020-8037: an anonymous researcher\n\nTime Machine\nAvailable for: macOS Mojave\nImpact: A local attacker may be able to elevate their privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-1839: Tim Michaud(@TimGMichaud) of Zoom Video Communications\nand Gary Nield of ECSC Group plc\n\nWi-Fi\nAvailable for: macOS Mojave\nImpact: An application may be able to cause unexpected system\ntermination or write kernel memory\nDescription: A memory corruption issue was addressed with improved\nvalidation. \nCVE-2021-1828: Zuozhi Fan (@pattern_F_) of Ant Group Tianqiong\nSecurity Lab\n\nwifivelocityd\nAvailable for: macOS Mojave\nImpact: An application may be able to execute arbitrary code with\nsystem privileges\nDescription: The issue was addressed with improved permissions logic. \nCVE-2020-3838: Dayton Pidhirney (@_watbulb)\n\nWindows Server\nAvailable for: macOS Mojave\nImpact: A malicious application may be able to unexpectedly leak a\nuser\u0027s credentials from secure text fields\nDescription: An API issue in Accessibility TCC permissions was\naddressed with improved state management. \nCVE-2021-1873: an anonymous researcher\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCHO2EACgkQZcsbuWJ6\njjBHBhAAmHYbcREaaxOXQwrb56He+ool1GyXUCGknHRnEO6Ik0nyE/GeUPuv8Y/Q\n/ywr188mv3ehtjFlXWpHtqwOn0KoNlAlcE+jy9r3QGTxNmBM2z30FeC0wiYYEi7s\nI5xWkZIcnO1jq2CMGVHHfbLhyLnkWblwWvCOWriCRzbTocEWgEqwrh/uguTVRWB4\noVo8+uHcdiS2gqS0LIMbbvP6SGkfPwVlL8Mr/e96xdditiRbZX01GkAm0l5ezYHt\nxrs8378fmQK3su4dHrkHpFpTmT3Yib8Jtotat8cgu6lWxLGEFR5kOye4QIjFCl/a\nUhnR52nlMyYlh4anbqUs7PAh2QDVa3scaRfGTdAogPfaZIAhaaiuj8qXUOsAxEhk\nrf0TOXmgCDfhuaA08Ys43sgUgunPLOa2+jMT4VspLZxDTkWLDrGFjlM4P5643WrT\nITAKLoqq8SOhce6gd3VECvG+EK/fBWrdwzsVDzfxU3yW3kSCKxX25KcRePwJZAAu\ns1ZZpIZdY7rmi1DwafNSig2dncjUZJy6AhiI5w6cpQzBOQVioU8oac2JDi1X2Rn1\nk/D3VQfmYas7HGqUSwx3MUx+yybktm+8Ogo+vtcRKCzUF5t13bwpyAda0mJ62c6L\nI/ISWomRdC4XX3AQL5EJLzO9slpOBqWsbQb0cULdt+mb4H+nLDE=\n=NZ77\n-----END PGP SIGNATURE-----\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1797"
      },
      {
        "db": "VULHUB",
        "id": "VHN-376457"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1797"
      },
      {
        "db": "PACKETSTORM",
        "id": "162360"
      },
      {
        "db": "PACKETSTORM",
        "id": "162362"
      }
    ],
    "trust": 1.26
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-1797",
        "trust": 2.0
      },
      {
        "db": "PACKETSTORM",
        "id": "162360",
        "trust": 0.8
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1416",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0354",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-079",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "162362",
        "trust": 0.2
      },
      {
        "db": "VULHUB",
        "id": "VHN-376457",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1797",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376457"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1797"
      },
      {
        "db": "PACKETSTORM",
        "id": "162360"
      },
      {
        "db": "PACKETSTORM",
        "id": "162362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-079"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1797"
      }
    ]
  },
  "id": "VAR-202104-0620",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376457"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-11-23T19:30:24.744000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "Apple macOS Security vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140291"
      }
    ],
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-079"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "NVD-CWE-noinfo",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-1797"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht212326"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht212327"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2021/apr/51"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212146"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212147"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212148"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212149"
      },
      {
        "trust": 0.8,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1797"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/162360/apple-security-advisory-2021-04-26-3.html"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-34452"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0354/"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1416"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht212327"
      },
      {
        "trust": 0.2,
        "url": "http://seclists.org/fulldisclosure/2021/apr/54"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1860"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1857"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1813"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1840"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1876"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1739"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1851"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1828"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1809"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1875"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8037"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1784"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1847"
      },
      {
        "trust": 0.2,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1843"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-27942"
      },
      {
        "trust": 0.2,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1811"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1839"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-3838"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8285"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1834"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1873"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-8286"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1808"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1868"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212326."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1810"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1824"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1740"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1878"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212327."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1806"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-1805"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-376457"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1797"
      },
      {
        "db": "PACKETSTORM",
        "id": "162360"
      },
      {
        "db": "PACKETSTORM",
        "id": "162362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-079"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1797"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-376457"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-1797"
      },
      {
        "db": "PACKETSTORM",
        "id": "162360"
      },
      {
        "db": "PACKETSTORM",
        "id": "162362"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-079"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-1797"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-04-02T00:00:00",
        "db": "VULHUB",
        "id": "VHN-376457"
      },
      {
        "date": "2021-04-02T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1797"
      },
      {
        "date": "2021-04-28T14:58:36",
        "db": "PACKETSTORM",
        "id": "162360"
      },
      {
        "date": "2021-04-28T15:00:23",
        "db": "PACKETSTORM",
        "id": "162362"
      },
      {
        "date": "2021-02-02T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-079"
      },
      {
        "date": "2021-04-02T19:15:19.520000",
        "db": "NVD",
        "id": "CVE-2021-1797"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-05-04T00:00:00",
        "db": "VULHUB",
        "id": "VHN-376457"
      },
      {
        "date": "2021-05-04T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-1797"
      },
      {
        "date": "2021-11-03T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202102-079"
      },
      {
        "date": "2024-11-21T05:45:08.047000",
        "db": "NVD",
        "id": "CVE-2021-1797"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-079"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple macOS Security hole",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-079"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202102-079"
      }
    ],
    "trust": 0.6
  }
}

cnvd-2021-09300

Vulnerability from cnvd

Title

Apple macOS任意文件读取漏洞

Description

Apple macOS是美国苹果（Apple）公司的一套专为Mac计算机所开发的专用操作系统。 Apple macOS存在任意文件读取漏洞，该漏洞源于应用程序未在macOS的APFS组件内正确施加安全限制。本地用户可以读取系统上的任意文件。

Severity

中

Patch Name

Apple macOS任意文件读取漏洞的补丁

Patch Description

Apple macOS是美国苹果（Apple）公司的一套专为Mac计算机所开发的专用操作系统。 Apple macOS存在任意文件读取漏洞，该漏洞源于应用程序未在macOS的APFS组件内正确施加安全限制。本地用户可以读取系统上的任意文件。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

厂商已发布了漏洞修复程序，请及时关注更新： https://support.apple.com/en-us/HT212146

Reference

https://vigilance.fr/vulnerability/Apple-macOS-multiple-vulnerabilities-34452

Impacted products

Name
Apple Apple macOS

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-1797",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2021-1797"
    }
  },
  "description": "Apple macOS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002\n\nApple macOS\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u672a\u5728macOS\u7684APFS\u7ec4\u4ef6\u5185\u6b63\u786e\u65bd\u52a0\u5b89\u5168\u9650\u5236\u3002\u672c\u5730\u7528\u6237\u53ef\u4ee5\u8bfb\u53d6\u7cfb\u7edf\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002",
  "formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://support.apple.com/en-us/HT212146",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-09300",
  "openTime": "2021-02-05",
  "patchDescription": "Apple macOS\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u5957\u4e13\u4e3aMac\u8ba1\u7b97\u673a\u6240\u5f00\u53d1\u7684\u4e13\u7528\u64cd\u4f5c\u7cfb\u7edf\u3002\r\n\r\nApple macOS\u5b58\u5728\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5e94\u7528\u7a0b\u5e8f\u672a\u5728macOS\u7684APFS\u7ec4\u4ef6\u5185\u6b63\u786e\u65bd\u52a0\u5b89\u5168\u9650\u5236\u3002\u672c\u5730\u7528\u6237\u53ef\u4ee5\u8bfb\u53d6\u7cfb\u7edf\u4e0a\u7684\u4efb\u610f\u6587\u4ef6\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple macOS\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Apple  Apple macOS"
  },
  "referenceLink": "https://vigilance.fr/vulnerability/Apple-macOS-multiple-vulnerabilities-34452",
  "serverity": "\u4e2d",
  "submitTime": "2021-02-04",
  "title": "Apple macOS\u4efb\u610f\u6587\u4ef6\u8bfb\u53d6\u6f0f\u6d1e"
}

CERTFR-2021-AVI-314

Vulnerability from certfr_avis

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	Safari	Safari versions antérieures à 14.1
Apple	macOS	macOS Mojave sans le correctif de sécurité 2021-003
Apple	N/A	tvOS versions antérieures à 14.5
Apple	macOS	macOS Big Sur versions antérieures à 11.3
Apple	N/A	iTunes versions antérieures à 12.11.3 sur Windows
Apple	N/A	watchOS versions antérieures à 7.4
Apple	N/A	iCloud pour Windows versions antérieures à 12.3
Apple	N/A	iOS et iPadOS versions antérieures à 14.5
Apple	macOS	macOS Catalina sans le correctif de sécurité 2021-002
Apple	N/A	Xcode versions antérieures à 12.5

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT212325 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212327 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212317 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212318 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212324 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212326 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212319 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212323 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212320 du 26 avril 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212321 du 26 avril 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 14.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave sans le correctif de s\u00e9curit\u00e9 2021-003",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 14.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.3",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iTunes versions ant\u00e9rieures \u00e0 12.11.3 sur Windows",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 7.4",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iCloud pour Windows versions ant\u00e9rieures \u00e0 12.3",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS et iPadOS versions ant\u00e9rieures \u00e0 14.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina sans le correctif de s\u00e9curit\u00e9 2021-002",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Xcode versions ant\u00e9rieures \u00e0 12.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-1815",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1815"
    },
    {
      "name": "CVE-2021-1835",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1835"
    },
    {
      "name": "CVE-2021-1853",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1853"
    },
    {
      "name": "CVE-2021-1784",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1784"
    },
    {
      "name": "CVE-2020-3838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-3838"
    },
    {
      "name": "CVE-2021-1855",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1855"
    },
    {
      "name": "CVE-2021-1831",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1831"
    },
    {
      "name": "CVE-2021-1839",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1839"
    },
    {
      "name": "CVE-2021-1857",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1857"
    },
    {
      "name": "CVE-2021-1847",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1847"
    },
    {
      "name": "CVE-2021-1877",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1877"
    },
    {
      "name": "CVE-2021-1829",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1829"
    },
    {
      "name": "CVE-2021-1854",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1854"
    },
    {
      "name": "CVE-2021-1861",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1861"
    },
    {
      "name": "CVE-2021-1830",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1830"
    },
    {
      "name": "CVE-2020-8285",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8285"
    },
    {
      "name": "CVE-2021-30657",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30657"
    },
    {
      "name": "CVE-2021-1828",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1828"
    },
    {
      "name": "CVE-2021-1811",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1811"
    },
    {
      "name": "CVE-2021-1844",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1844"
    },
    {
      "name": "CVE-2021-1820",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1820"
    },
    {
      "name": "CVE-2020-8037",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8037"
    },
    {
      "name": "CVE-2021-30655",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30655"
    },
    {
      "name": "CVE-2020-8286",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-8286"
    },
    {
      "name": "CVE-2021-1810",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1810"
    },
    {
      "name": "CVE-2021-1880",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1880"
    },
    {
      "name": "CVE-2021-1884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1884"
    },
    {
      "name": "CVE-2021-1852",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1852"
    },
    {
      "name": "CVE-2021-1813",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1813"
    },
    {
      "name": "CVE-2021-1837",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1837"
    },
    {
      "name": "CVE-2021-1875",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1875"
    },
    {
      "name": "CVE-2021-1860",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1860"
    },
    {
      "name": "CVE-2021-1826",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1826"
    },
    {
      "name": "CVE-2021-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1797"
    },
    {
      "name": "CVE-2021-1851",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1851"
    },
    {
      "name": "CVE-2021-1817",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1817"
    },
    {
      "name": "CVE-2021-21300",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21300"
    },
    {
      "name": "CVE-2021-1814",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1814"
    },
    {
      "name": "CVE-2021-1865",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1865"
    },
    {
      "name": "CVE-2021-1825",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1825"
    },
    {
      "name": "CVE-2021-1822",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1822"
    },
    {
      "name": "CVE-2021-30661",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30661"
    },
    {
      "name": "CVE-2021-1872",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1872"
    },
    {
      "name": "CVE-2021-1816",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1816"
    },
    {
      "name": "CVE-2021-1843",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1843"
    },
    {
      "name": "CVE-2021-1868",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1868"
    },
    {
      "name": "CVE-2021-30658",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30658"
    },
    {
      "name": "CVE-2021-1836",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1836"
    },
    {
      "name": "CVE-2021-1739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1739"
    },
    {
      "name": "CVE-2021-1864",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1864"
    },
    {
      "name": "CVE-2021-1840",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1840"
    },
    {
      "name": "CVE-2021-1874",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1874"
    },
    {
      "name": "CVE-2021-1808",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1808"
    },
    {
      "name": "CVE-2021-1832",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1832"
    },
    {
      "name": "CVE-2021-1882",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1882"
    },
    {
      "name": "CVE-2021-1883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1883"
    },
    {
      "name": "CVE-2021-1881",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1881"
    },
    {
      "name": "CVE-2021-1876",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1876"
    },
    {
      "name": "CVE-2021-1878",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1878"
    },
    {
      "name": "CVE-2021-1809",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1809"
    },
    {
      "name": "CVE-2021-30656",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30656"
    },
    {
      "name": "CVE-2021-1873",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1873"
    },
    {
      "name": "CVE-2021-1846",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1846"
    },
    {
      "name": "CVE-2021-1885",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1885"
    },
    {
      "name": "CVE-2021-1841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1841"
    },
    {
      "name": "CVE-2021-1740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1740"
    },
    {
      "name": "CVE-2021-30653",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30653"
    },
    {
      "name": "CVE-2021-1867",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1867"
    },
    {
      "name": "CVE-2021-1806",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1806"
    },
    {
      "name": "CVE-2021-1858",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1858"
    },
    {
      "name": "CVE-2021-1859",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1859"
    },
    {
      "name": "CVE-2021-30660",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30660"
    },
    {
      "name": "CVE-2021-30652",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30652"
    },
    {
      "name": "CVE-2021-1848",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1848"
    },
    {
      "name": "CVE-2020-7463",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-7463"
    },
    {
      "name": "CVE-2020-27942",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27942"
    },
    {
      "name": "CVE-2021-1824",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1824"
    },
    {
      "name": "CVE-2021-1834",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1834"
    },
    {
      "name": "CVE-2021-1849",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1849"
    },
    {
      "name": "CVE-2021-1805",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1805"
    },
    {
      "name": "CVE-2021-1807",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1807"
    },
    {
      "name": "CVE-2021-30659",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30659"
    }
  ],
  "initial_release_date": "2021-04-27T00:00:00",
  "last_revision_date": "2021-04-27T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-314",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-04-27T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212325 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212325"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212327 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212327"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212317 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212317"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212318 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212318"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212324 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212324"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212326 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212326"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212319 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212319"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212323 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212323"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212320 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212320"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212321 du 26 avril 2021",
      "url": "https://support.apple.com/fr-fr/HT212321"
    }
  ]
}

CERTFR-2021-AVI-072

Vulnerability from certfr_avis

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	macOS	macOS Catalina sans le correctif de sécurité 2021-001
Apple	Safari	Safari versions antérieures à 14.0.3
Apple	macOS	macOS Big Sur versions antérieures à 11.2
Apple	macOS	macOS Mojave sans le correctif de sécurité 2021-001

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT212152 du 01 février 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212147 du 01 février 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "macOS Catalina sans le correctif de s\u00e9curit\u00e9 2021-001",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 14.0.3",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.2",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave sans le correctif de s\u00e9curit\u00e9 2021-001",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-1778",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1778"
    },
    {
      "name": "CVE-2021-1789",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1789"
    },
    {
      "name": "CVE-2021-1762",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1762"
    },
    {
      "name": "CVE-2021-1773",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1773"
    },
    {
      "name": "CVE-2021-1761",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1761"
    },
    {
      "name": "CVE-2019-20838",
      "url": "https://www.cve.org/CVERecord?id=CVE-2019-20838"
    },
    {
      "name": "CVE-2021-1775",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1775"
    },
    {
      "name": "CVE-2020-27937",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27937"
    },
    {
      "name": "CVE-2021-1738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1738"
    },
    {
      "name": "CVE-2021-1777",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1777"
    },
    {
      "name": "CVE-2021-1787",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1787"
    },
    {
      "name": "CVE-2021-1766",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1766"
    },
    {
      "name": "CVE-2021-1745",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1745"
    },
    {
      "name": "CVE-2021-1736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1736"
    },
    {
      "name": "CVE-2021-1764",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1764"
    },
    {
      "name": "CVE-2021-1743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1743"
    },
    {
      "name": "CVE-2021-1786",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1786"
    },
    {
      "name": "CVE-2021-1788",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1788"
    },
    {
      "name": "CVE-2021-1737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1737"
    },
    {
      "name": "CVE-2021-1792",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1792"
    },
    {
      "name": "CVE-2020-29614",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29614"
    },
    {
      "name": "CVE-2021-1785",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1785"
    },
    {
      "name": "CVE-2021-1818",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1818"
    },
    {
      "name": "CVE-2021-1782",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1782"
    },
    {
      "name": "CVE-2021-1793",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1793"
    },
    {
      "name": "CVE-2020-29633",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29633"
    },
    {
      "name": "CVE-2021-1751",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1751"
    },
    {
      "name": "CVE-2021-1797",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1797"
    },
    {
      "name": "CVE-2020-29608",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-29608"
    },
    {
      "name": "CVE-2021-1791",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1791"
    },
    {
      "name": "CVE-2021-1871",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1871"
    },
    {
      "name": "CVE-2021-1801",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1801"
    },
    {
      "name": "CVE-2021-1783",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1783"
    },
    {
      "name": "CVE-2021-1870",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1870"
    },
    {
      "name": "CVE-2020-27938",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27938"
    },
    {
      "name": "CVE-2021-1767",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1767"
    },
    {
      "name": "CVE-2021-1771",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1771"
    },
    {
      "name": "CVE-2020-15358",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-15358"
    },
    {
      "name": "CVE-2021-1802",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1802"
    },
    {
      "name": "CVE-2021-1747",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1747"
    },
    {
      "name": "CVE-2021-1790",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1790"
    },
    {
      "name": "CVE-2021-1765",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1765"
    },
    {
      "name": "CVE-2021-1799",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1799"
    },
    {
      "name": "CVE-2021-1746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1746"
    },
    {
      "name": "CVE-2021-1754",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1754"
    },
    {
      "name": "CVE-2021-1772",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1772"
    },
    {
      "name": "CVE-2021-1776",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1776"
    },
    {
      "name": "CVE-2021-1753",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1753"
    },
    {
      "name": "CVE-2021-1741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1741"
    },
    {
      "name": "CVE-2021-1750",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1750"
    },
    {
      "name": "CVE-2021-1744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1744"
    },
    {
      "name": "CVE-2021-1742",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1742"
    },
    {
      "name": "CVE-2021-1760",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1760"
    },
    {
      "name": "CVE-2020-27904",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27904"
    },
    {
      "name": "CVE-2021-1757",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1757"
    },
    {
      "name": "CVE-2020-25709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-25709"
    },
    {
      "name": "CVE-2020-14155",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-14155"
    },
    {
      "name": "CVE-2021-1768",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1768"
    },
    {
      "name": "CVE-2021-1774",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1774"
    },
    {
      "name": "CVE-2021-1769",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1769"
    },
    {
      "name": "CVE-2021-1759",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1759"
    },
    {
      "name": "CVE-2021-1763",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1763"
    },
    {
      "name": "CVE-2021-1779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1779"
    },
    {
      "name": "CVE-2021-1758",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1758"
    },
    {
      "name": "CVE-2020-27945",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-27945"
    }
  ],
  "initial_release_date": "2021-02-02T00:00:00",
  "last_revision_date": "2021-02-02T00:00:00",
  "links": [],
  "reference": "CERTFR-2021-AVI-072",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-02-02T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "D\u00e9ni de service \u00e0 distance"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
    },
    {
      "description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance\net un contournement de la politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212152 du 01 f\u00e9vrier 2021",
      "url": "https://support.apple.com/fr-fr/HT212152"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212147 du 01 f\u00e9vrier 2021",
      "url": "https://support.apple.com/fr-fr/HT212147"
    }
  ]
}

gsd-2021-1797

Vulnerability from gsd

Modified

2023-12-13 01:23

Details

Aliases

CVE-2021-1797

Aliases

CVE-2021-1797

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-1797",
    "description": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files.",
    "id": "GSD-2021-1797"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-1797"
      ],
      "details": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files.",
      "id": "GSD-2021-1797",
      "modified": "2023-12-13T01:23:23.977572Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2021-1797",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "iOS and iPadOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "14.4"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "11.2"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "7.3"
                        }
                      ]
                    }
                  },
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "14.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "A local user may be able to read arbitrary files"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT212147",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212147"
          },
          {
            "name": "https://support.apple.com/en-us/HT212146",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212146"
          },
          {
            "name": "https://support.apple.com/en-us/HT212148",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212148"
          },
          {
            "name": "https://support.apple.com/en-us/HT212149",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212149"
          },
          {
            "name": "https://support.apple.com/kb/HT212326",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT212326"
          },
          {
            "name": "https://support.apple.com/kb/HT212327",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT212327"
          },
          {
            "name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2021/Apr/51"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.14.6",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "10.15.7",
                "versionStartIncluding": "10.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.2",
                "versionStartIncluding": "11.0.1",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "14.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "7.3",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2021-1797"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212146",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212146"
            },
            {
              "name": "https://support.apple.com/en-us/HT212149",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212149"
            },
            {
              "name": "https://support.apple.com/en-us/HT212147",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212147"
            },
            {
              "name": "https://support.apple.com/en-us/HT212148",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212148"
            },
            {
              "name": "https://support.apple.com/kb/HT212326",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT212326"
            },
            {
              "name": "https://support.apple.com/kb/HT212327",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT212327"
            },
            {
              "name": "20210427 APPLE-SA-2021-04-26-3 Security Update 2021-002 Catalina",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Apr/51"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "NONE",
            "baseScore": 2.1,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "LOW",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "NONE",
            "baseScore": 5.5,
            "baseSeverity": "MEDIUM",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "NONE",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-05-04T19:35Z",
      "publishedDate": "2021-04-02T19:15Z"
    }
  }
}

ghsa-3973-4x54-vxm4

Vulnerability from github

Published

2022-05-24 17:46

Modified

2022-05-24 17:46

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-1797"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-04-02T19:15:00Z",
    "severity": "MODERATE"
  },
  "details": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files.",
  "id": "GHSA-3973-4x54-vxm4",
  "modified": "2022-05-24T17:46:23Z",
  "published": "2022-05-24T17:46:23Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-1797"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212146"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212147"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212148"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212149"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212326"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212327"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Apr/51"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

fkie_cve-2021-1797

Vulnerability from fkie_nvd

Published

2021-04-02 19:15

Modified

2024-11-21 05:45

Severity ?

5.5 (Medium) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Summary

References

URL	Tags
product-security@apple.com	http://seclists.org/fulldisclosure/2021/Apr/51	Mailing List, Third Party Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212146	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212147	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212148	Vendor Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212149	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT212326	Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT212327	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Apr/51	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212146	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212147	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212148	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212149	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT212326	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT212327	Vendor Advisory

Impacted products

Vendor	Product	Version
apple	ipad_os	*
apple	iphone_os	*
apple	mac_os_x	*
apple	mac_os_x	*
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.14.6
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	macos	*
apple	tvos	*
apple	watchos	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "527CAF62-2FF0-4BC9-A537-EE52825C7504",
              "versionEndExcluding": "14.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "062166D7-2444-4022-B7E4-13884C43EDCA",
              "versionEndExcluding": "14.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "B0E97851-4DFF-4852-A339-183331F4ACBC",
              "versionEndExcluding": "10.14.6",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "DB8A73F8-3074-4B32-B9F6-343B6B1988C5",
              "versionEndExcluding": "10.15.7",
              "versionStartIncluding": "10.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:*:*:*:*:*:*:*",
              "matchCriteriaId": "85D21088-00C3-401A-97EE-999424A39F0A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*",
              "matchCriteriaId": "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*",
              "matchCriteriaId": "CFE26ECC-A2C2-4501-9950-510DE0E1BD86",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*",
              "matchCriteriaId": "26108BEF-0847-4AB0-BD98-35344DFA7835",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*",
              "matchCriteriaId": "0FD3467D-7679-479F-9C0B-A93F7CD0929D",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*",
              "matchCriteriaId": "D4C6098E-EDBD-4A85-8282-B2E9D9333872",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*",
              "matchCriteriaId": "518BB47B-DD76-4E8C-9F10-7EBC1E146191",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*",
              "matchCriteriaId": "63940A55-D851-46EB-9668-D82BEFC1FE95",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*",
              "matchCriteriaId": "68C7A97A-3801-44FA-96CA-10298FA39883",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*",
              "matchCriteriaId": "6D69914D-46C7-4A0E-A075-C863C1692D33",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*",
              "matchCriteriaId": "9CDB4476-B521-43E4-A129-8718A8E0A8CD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*",
              "matchCriteriaId": "9D072B77-BE3F-4A2E-B66A-E2C8DC3781E4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
              "matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
              "matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*",
              "matchCriteriaId": "C1C795B9-E58D-467C-83A8-2D45C792292F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "084F8722-A895-4FC2-821E-DF0B129653BC",
              "versionEndExcluding": "11.2",
              "versionStartIncluding": "11.0.1",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "7320CF7C-3750-4CAA-8B7C-CAFC7E65354A",
              "versionEndExcluding": "14.4",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "9AA4C59B-EC23-4723-9DFF-412938209DE5",
              "versionEndExcluding": "7.3",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to read arbitrary files."
    },
    {
      "lang": "es",
      "value": "El problema se abord\u00f3 con una l\u00f3gica de permisos mejorada.\u0026#xa0;Este problema es corregido en macOS Big Sur versi\u00f3n 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS versi\u00f3n 7.3, tvOS versi\u00f3n 14.4, iOS versi\u00f3n 14.4 y iPadOS versi\u00f3n 14.4.\u0026#xa0;Un usuario local puede ser capaz de leer archivos arbitrarios."
    }
  ],
  "id": "CVE-2021-1797",
  "lastModified": "2024-11-21T05:45:08.047",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "LOW",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "NONE",
          "baseScore": 2.1,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "NONE",
          "baseScore": 5.5,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "NONE",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-04-02T19:15:19.520",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Apr/51"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212146"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212147"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212148"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212149"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212326"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212327"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Apr/51"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212146"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212147"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212148"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212149"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212326"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212327"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "NVD-CWE-noinfo"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
Confirmed: The vulnerability is confirmed from an analyst perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
Patched: This vulnerability was successfully patched by the user reporting the sighting.
Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
Not confirmed: The user expresses doubt about the veracity of the vulnerability.
Not patched: This vulnerability was not successfully patched by the user reporting the sighting.

Action not permitted

CVE-2021-1797 (GCVE-0-2021-1797)

Vulnerability from cvelistv5

var-202104-0620

Vulnerability from variot

cnvd-2021-09300

Vulnerability from cnvd

CERTFR-2021-AVI-314

Vulnerability from certfr_avis

Solution

CERTFR-2021-AVI-072

Vulnerability from certfr_avis

Solution

gsd-2021-1797

Vulnerability from gsd

ghsa-3973-4x54-vxm4

Vulnerability from github

fkie_cve-2021-1797

Vulnerability from fkie_nvd

Tags

Sightings

Nomenclature