Vulnerability-Lookup

CVE-2021-30713 (GCVE-0-2021-30713)

Vulnerability from cvelistv5 – Published: 2021-09-08 14:29 – Updated: 2025-10-21 23:25

CISA KEV

Summary

Severity ?

7.8 (High)


                        
                          CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE

A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.

Assigner

apple

References

URL

Tags

	https://support.apple.com/en-us/HT212529	x_refsource_MISC
	https://support.apple.com/kb/HT212805	x_refsource_CONFIRM
	http://seclists.org/fulldisclosure/2021/Sep/40	mailing-listx_refsource_FULLDISC

Impacted products

	Vendor	Product	Version
	Apple	macOS	Affected: unspecified , < 11.4 (custom)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

KEV entry ID: aec7d108-1121-4fd4-a481-d7539c1aada4

Vulnerability ID: CVE-2021-30713

Status: Confirmed

Status Updated: 2021-11-03 00:00 UTC

Exploited: Yes

Timestamps

First Seen: 2021-11-03

Asserted: 2021-11-03

Scope

Notes: KEV entry: Apple macOS Unspecified Vulnerability | Affected: Apple / macOS | Description: Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences. | Required action: Apply updates per vendor instructions. | Due date: 2021-11-17 | Known ransomware campaign use (KEV): Unknown | Notes (KEV): https://nvd.nist.gov/vuln/detail/CVE-2021-30713

Evidence

Type: Vendor Report

Signal: Successful Exploitation

Confidence: 80%

Source: cisa-kev

Details

Cwes	CWE-862
Feed	CISA Known Exploited Vulnerabilities Catalog
Product	macOS
Due Date	2021-11-17
Date Added	2021-11-03
Vendorproject	Apple
Vulnerabilityname	Apple macOS Unspecified Vulnerability
Knownransomwarecampaignuse	Unknown

References

CVE-2021-30713

Created: 2026-02-02 12:28 UTC | Updated: 2026-02-06 07:17 UTC

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:40:32.057Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212529"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212805"
          },
          {
            "name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/40"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "cvssV3_1": {
              "attackComplexity": "LOW",
              "attackVector": "LOCAL",
              "availabilityImpact": "HIGH",
              "baseScore": 7.8,
              "baseSeverity": "HIGH",
              "confidentialityImpact": "HIGH",
              "integrityImpact": "HIGH",
              "privilegesRequired": "LOW",
              "scope": "UNCHANGED",
              "userInteraction": "NONE",
              "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
              "version": "3.1"
            }
          },
          {
            "other": {
              "content": {
                "id": "CVE-2021-30713",
                "options": [
                  {
                    "Exploitation": "active"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-29T17:25:34.672209Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          },
          {
            "other": {
              "content": {
                "dateAdded": "2021-11-03",
                "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30713"
              },
              "type": "kev"
            }
          }
        ],
        "problemTypes": [
          {
            "descriptions": [
              {
                "cweId": "CWE-862",
                "description": "CWE-862 Missing Authorization",
                "lang": "en",
                "type": "CWE"
              }
            ]
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-10-21T23:25:34.662Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "references": [
          {
            "tags": [
              "government-resource"
            ],
            "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30713"
          }
        ],
        "timeline": [
          {
            "lang": "en",
            "time": "2021-11-03T00:00:00+00:00",
            "value": "CVE-2021-30713 added to CISA KEV"
          }
        ],
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-21T23:06:30.000Z",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212529"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212805"
        },
        {
          "name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Sep/40"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2021-30713",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "11.4"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212529",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212529"
            },
            {
              "name": "https://support.apple.com/kb/HT212805",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT212805"
            },
            {
              "name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Sep/40"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2021-30713",
    "datePublished": "2021-09-08T14:29:13.000Z",
    "dateReserved": "2021-04-13T00:00:00.000Z",
    "dateUpdated": "2025-10-21T23:25:34.662Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2021-30713",
      "cwes": "[\"CWE-862\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-11-17",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2021-30713",
      "product": "macOS",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.",
      "vendorProject": "Apple",
      "vulnerabilityName": "Apple macOS Unspecified Vulnerability"
    },
    "fkie_nvd": {
      "cisaActionDue": "2021-11-17",
      "cisaExploitAdd": "2021-11-03",
      "cisaRequiredAction": "Apply updates per vendor instructions.",
      "cisaVulnerabilityName": "Apple macOS Unspecified Vulnerability",
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"10.15\", \"versionEndIncluding\": \"10.15.7\", \"matchCriteriaId\": \"059EC990-44D3-4DEC-9933-90A0706FEF22\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*\", \"matchCriteriaId\": \"A654B8A2-FC30-4171-B0BB-366CD7ED4B6A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*\", \"matchCriteriaId\": \"F12CC8B5-C1EB-419E-8496-B9A3864656AD\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*\", \"matchCriteriaId\": \"F1F4BF7F-90D4-4668-B4E6-B06F4070F448\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*\", \"matchCriteriaId\": \"7FD7176C-F4D1-43A7-9E49-BA92CA0D9980\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*\", \"matchCriteriaId\": \"2703DE0B-8A9E-4A9D-9AE8-028E22BF47CA\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*\", \"matchCriteriaId\": \"0F441A43-1669-478D-9EC8-E96882DE4F9F\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*\", \"matchCriteriaId\": \"D425C653-37A2-448C-BF2F-B684ADB08A26\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*\", \"matchCriteriaId\": \"A54D63B7-B92B-47C3-B1C5-9892E5873A98\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*\", \"matchCriteriaId\": \"3456176F-9185-4EE2-A8CE-3D989D674AB7\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"11.4\", \"matchCriteriaId\": \"49989826-E25B-4280-8EEA-A3ECC49F3635\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..\"}, {\"lang\": \"es\", \"value\": \"Se abord\\u00f3 un problema de permisos con una comprobaci\\u00f3n mejorada. Este problema es corregido en macOS Big Sur versi\\u00f3n 11.4. Una aplicaci\\u00f3n maliciosa puede ser capaz de omitir las preferencias de privacidad. Apple presenta conocimiento de un informe que indica que este problema puede haber sido explotado activamente\"}]",
      "id": "CVE-2021-30713",
      "lastModified": "2024-11-21T06:04:30.190",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 7.8, \"baseSeverity\": \"HIGH\", \"attackVector\": \"LOCAL\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"LOW\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 1.8, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:L/AC:L/Au:N/C:P/I:P/A:P\", \"baseScore\": 4.6, \"accessVector\": \"LOCAL\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"PARTIAL\"}, \"baseSeverity\": \"MEDIUM\", \"exploitabilityScore\": 3.9, \"impactScore\": 6.4, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
      "published": "2021-09-08T15:15:15.893",
      "references": "[{\"url\": \"http://seclists.org/fulldisclosure/2021/Sep/40\", \"source\": \"product-security@apple.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT212529\", \"source\": \"product-security@apple.com\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT212805\", \"source\": \"product-security@apple.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"http://seclists.org/fulldisclosure/2021/Sep/40\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://support.apple.com/en-us/HT212529\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\", \"Vendor Advisory\"]}, {\"url\": \"https://support.apple.com/kb/HT212805\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "product-security@apple.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-30713\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2021-09-08T15:15:15.893\",\"lastModified\":\"2025-10-23T14:56:11.420\",\"vulnStatus\":\"Analyzed\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de permisos con una comprobaci\u00f3n mejorada. Este problema es corregido en macOS Big Sur versi\u00f3n 11.4. Una aplicaci\u00f3n maliciosa puede ser capaz de omitir las preferencias de privacidad. Apple presenta conocimiento de un informe que indica que este problema puede haber sido explotado activamente\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":7.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":1.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:L/AC:L/Au:N/C:P/I:P/A:P\",\"baseScore\":4.6,\"accessVector\":\"LOCAL\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":3.9,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2021-11-17\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Apple macOS Unspecified Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-862\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"10.15\",\"versionEndIncluding\":\"10.15.7\",\"matchCriteriaId\":\"059EC990-44D3-4DEC-9933-90A0706FEF22\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*\",\"matchCriteriaId\":\"A654B8A2-FC30-4171-B0BB-366CD7ED4B6A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*\",\"matchCriteriaId\":\"F12CC8B5-C1EB-419E-8496-B9A3864656AD\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"F1F4BF7F-90D4-4668-B4E6-B06F4070F448\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*\",\"matchCriteriaId\":\"7FD7176C-F4D1-43A7-9E49-BA92CA0D9980\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*\",\"matchCriteriaId\":\"2703DE0B-8A9E-4A9D-9AE8-028E22BF47CA\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*\",\"matchCriteriaId\":\"0F441A43-1669-478D-9EC8-E96882DE4F9F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*\",\"matchCriteriaId\":\"D425C653-37A2-448C-BF2F-B684ADB08A26\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*\",\"matchCriteriaId\":\"A54D63B7-B92B-47C3-B1C5-9892E5873A98\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*\",\"matchCriteriaId\":\"3456176F-9185-4EE2-A8CE-3D989D674AB7\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.4\",\"matchCriteriaId\":\"49989826-E25B-4280-8EEA-A3ECC49F3635\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/40\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212529\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212805\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/40\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212529\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212805\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30713\",\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"tags\":[\"Third Party Advisory\",\"US Government Resource\"]}]}}",
    "vulnrichment": {
      "containers": "{\"cna\": {\"affected\": [{\"product\": \"macOS\", \"vendor\": \"Apple\", \"versions\": [{\"lessThan\": \"11.4\", \"status\": \"affected\", \"version\": \"unspecified\", \"versionType\": \"custom\"}]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..\"}], \"problemTypes\": [{\"descriptions\": [{\"description\": \"A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.\", \"lang\": \"en\", \"type\": \"text\"}]}], \"providerMetadata\": {\"dateUpdated\": \"2021-09-21T23:06:30.000Z\", \"orgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"shortName\": \"apple\"}, \"references\": [{\"tags\": [\"x_refsource_MISC\"], \"url\": \"https://support.apple.com/en-us/HT212529\"}, {\"tags\": [\"x_refsource_CONFIRM\"], \"url\": \"https://support.apple.com/kb/HT212805\"}, {\"name\": \"20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\"], \"url\": \"http://seclists.org/fulldisclosure/2021/Sep/40\"}], \"x_legacyV4Record\": {\"CVE_data_meta\": {\"ASSIGNER\": \"product-security@apple.com\", \"ID\": \"CVE-2021-30713\", \"STATE\": \"PUBLIC\"}, \"affects\": {\"vendor\": {\"vendor_data\": [{\"product\": {\"product_data\": [{\"product_name\": \"macOS\", \"version\": {\"version_data\": [{\"version_affected\": \"\u003c\", \"version_value\": \"11.4\"}]}}]}, \"vendor_name\": \"Apple\"}]}}, \"data_format\": \"MITRE\", \"data_type\": \"CVE\", \"data_version\": \"4.0\", \"description\": {\"description_data\": [{\"lang\": \"eng\", \"value\": \"A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..\"}]}, \"problemtype\": {\"problemtype_data\": [{\"description\": [{\"lang\": \"eng\", \"value\": \"A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.\"}]}]}, \"references\": {\"reference_data\": [{\"name\": \"https://support.apple.com/en-us/HT212529\", \"refsource\": \"MISC\", \"url\": \"https://support.apple.com/en-us/HT212529\"}, {\"name\": \"https://support.apple.com/kb/HT212805\", \"refsource\": \"CONFIRM\", \"url\": \"https://support.apple.com/kb/HT212805\"}, {\"name\": \"20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina\", \"refsource\": \"FULLDISC\", \"url\": \"http://seclists.org/fulldisclosure/2021/Sep/40\"}]}}}, \"adp\": [{\"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-03T22:40:32.057Z\"}, \"title\": \"CVE Program Container\", \"references\": [{\"tags\": [\"x_refsource_MISC\", \"x_transferred\"], \"url\": \"https://support.apple.com/en-us/HT212529\"}, {\"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"], \"url\": \"https://support.apple.com/kb/HT212805\"}, {\"name\": \"20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina\", \"tags\": [\"mailing-list\", \"x_refsource_FULLDISC\", \"x_transferred\"], \"url\": \"http://seclists.org/fulldisclosure/2021/Sep/40\"}]}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.8, \"attackVector\": \"LOCAL\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H\", \"integrityImpact\": \"HIGH\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"LOW\", \"confidentialityImpact\": \"HIGH\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2021-30713\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"active\"}, {\"Automatable\": \"no\"}, {\"Technical Impact\": \"total\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-29T17:25:34.672209Z\"}}}, {\"other\": {\"type\": \"kev\", \"content\": {\"dateAdded\": \"2021-11-03\", \"reference\": \"https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30713\"}}}], \"timeline\": [{\"time\": \"2021-11-03T00:00:00+00:00\", \"lang\": \"en\", \"value\": \"CVE-2021-30713 added to CISA KEV\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-862\", \"description\": \"CWE-862 Missing Authorization\"}]}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-29T17:24:14.772Z\"}}]}",
      "cveMetadata": "{\"assignerOrgId\": \"286789f9-fbc2-4510-9f9a-43facdede74c\", \"assignerShortName\": \"apple\", \"cveId\": \"CVE-2021-30713\", \"datePublished\": \"2021-09-08T14:29:13.000Z\", \"dateReserved\": \"2021-04-13T00:00:00.000Z\", \"dateUpdated\": \"2025-07-30T01:38:00.808Z\", \"state\": \"PUBLISHED\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2021-AVI-398

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Apple. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire, un déni de service et un contournement de la politique de sécurité.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	Safari	Safari versions antérieures à 14.1.1
Apple	macOS	macOS Big Sur versions antérieures à 11.4
Apple	macOS	macOS Catalina versions sans la mise à jour 2021-003
Apple	N/A	iPadOS versions antérieures à 14.6
Apple	N/A	tvOS versions antérieures à 14.6
Apple	N/A	watchOS versions antérieures à 7.5
Apple	macOS	macOS Mojave versions sans la mise à jour 2021-004
Apple	N/A	iOS versions antérieures à 14.6

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT212534 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212528 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212531 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212533 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212530 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212529 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212532 du 24 mai 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 14.1.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.4",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina versions sans la mise \u00e0 jour 2021-003",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 14.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 14.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 7.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave versions sans la mise \u00e0 jour 2021-004",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 14.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-30678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30678"
    },
    {
      "name": "CVE-2021-30715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30715"
    },
    {
      "name": "CVE-2021-30724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30724"
    },
    {
      "name": "CVE-2021-30668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30668"
    },
    {
      "name": "CVE-2020-36230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36230"
    },
    {
      "name": "CVE-2021-30681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30681"
    },
    {
      "name": "CVE-2020-36221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36221"
    },
    {
      "name": "CVE-2021-30667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30667"
    },
    {
      "name": "CVE-2021-30722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30722"
    },
    {
      "name": "CVE-2021-30684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30684"
    },
    {
      "name": "CVE-2021-30737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30737"
    },
    {
      "name": "CVE-2021-30708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30708"
    },
    {
      "name": "CVE-2020-36225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36225"
    },
    {
      "name": "CVE-2021-30701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30701"
    },
    {
      "name": "CVE-2021-30743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30743"
    },
    {
      "name": "CVE-2021-30726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30726"
    },
    {
      "name": "CVE-2021-30676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30676"
    },
    {
      "name": "CVE-2021-30671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30671"
    },
    {
      "name": "CVE-2020-36224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36224"
    },
    {
      "name": "CVE-2021-30692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30692"
    },
    {
      "name": "CVE-2021-30677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30677"
    },
    {
      "name": "CVE-2021-30714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30714"
    },
    {
      "name": "CVE-2021-30702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30702"
    },
    {
      "name": "CVE-2021-30727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30727"
    },
    {
      "name": "CVE-2021-21779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21779"
    },
    {
      "name": "CVE-2021-1884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1884"
    },
    {
      "name": "CVE-2020-36228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36228"
    },
    {
      "name": "CVE-2020-36227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36227"
    },
    {
      "name": "CVE-2021-30723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30723"
    },
    {
      "name": "CVE-2021-30729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30729"
    },
    {
      "name": "CVE-2021-30719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30719"
    },
    {
      "name": "CVE-2021-30696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30696"
    },
    {
      "name": "CVE-2021-30712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30712"
    },
    {
      "name": "CVE-2021-30688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30688"
    },
    {
      "name": "CVE-2021-30739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30739"
    },
    {
      "name": "CVE-2021-30680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30680"
    },
    {
      "name": "CVE-2021-30689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30689"
    },
    {
      "name": "CVE-2021-30746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30746"
    },
    {
      "name": "CVE-2021-30744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30744"
    },
    {
      "name": "CVE-2020-36223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36223"
    },
    {
      "name": "CVE-2021-30669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30669"
    },
    {
      "name": "CVE-2021-30699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30699"
    },
    {
      "name": "CVE-2021-30728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30728"
    },
    {
      "name": "CVE-2021-30736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30736"
    },
    {
      "name": "CVE-2020-36229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36229"
    },
    {
      "name": "CVE-2021-30695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30695"
    },
    {
      "name": "CVE-2021-30705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30705"
    },
    {
      "name": "CVE-2021-30663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30663"
    },
    {
      "name": "CVE-2021-30683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30683"
    },
    {
      "name": "CVE-2021-30691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30691"
    },
    {
      "name": "CVE-2021-30725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30725"
    },
    {
      "name": "CVE-2021-30665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30665"
    },
    {
      "name": "CVE-2021-30721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30721"
    },
    {
      "name": "CVE-2021-30693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30693"
    },
    {
      "name": "CVE-2021-30682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30682"
    },
    {
      "name": "CVE-2021-30674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30674"
    },
    {
      "name": "CVE-2021-30694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30694"
    },
    {
      "name": "CVE-2021-1883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1883"
    },
    {
      "name": "CVE-2021-30673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30673"
    },
    {
      "name": "CVE-2021-30718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30718"
    },
    {
      "name": "CVE-2021-30713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30713"
    },
    {
      "name": "CVE-2021-30717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30717"
    },
    {
      "name": "CVE-2020-36226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36226"
    },
    {
      "name": "CVE-2021-30687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30687"
    },
    {
      "name": "CVE-2020-36222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36222"
    },
    {
      "name": "CVE-2021-30709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30709"
    },
    {
      "name": "CVE-2021-30690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30690"
    },
    {
      "name": "CVE-2021-30686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30686"
    },
    {
      "name": "CVE-2021-30716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30716"
    },
    {
      "name": "CVE-2021-30735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30735"
    },
    {
      "name": "CVE-2021-30679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30679"
    },
    {
      "name": "CVE-2021-30734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30734"
    },
    {
      "name": "CVE-2021-30697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30697"
    },
    {
      "name": "CVE-2021-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30698"
    },
    {
      "name": "CVE-2021-30720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30720"
    },
    {
      "name": "CVE-2021-30740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30740"
    },
    {
      "name": "CVE-2021-23841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
    },
    {
      "name": "CVE-2021-30685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30685"
    },
    {
      "name": "CVE-2021-30738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30738"
    },
    {
      "name": "CVE-2021-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30749"
    },
    {
      "name": "CVE-2021-30704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30704"
    },
    {
      "name": "CVE-2021-30741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30741"
    },
    {
      "name": "CVE-2021-30707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30707"
    },
    {
      "name": "CVE-2021-30710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30710"
    },
    {
      "name": "CVE-2021-30700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30700"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-398",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-05-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212534 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212534"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212528 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212528"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212531 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212531"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212533 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212533"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212530 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212530"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212529 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212529"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212532 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212532"
    }
  ]
}

CERTFR-2021-AVI-398

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

Vendor	Product	Description
Apple	Safari	Safari versions antérieures à 14.1.1
Apple	macOS	macOS Big Sur versions antérieures à 11.4
Apple	macOS	macOS Catalina versions sans la mise à jour 2021-003
Apple	N/A	iPadOS versions antérieures à 14.6
Apple	N/A	tvOS versions antérieures à 14.6
Apple	N/A	watchOS versions antérieures à 7.5
Apple	macOS	macOS Mojave versions sans la mise à jour 2021-004
Apple	N/A	iOS versions antérieures à 14.6

References

Title

Publication Time

Tags

Bulletin de sécurité Apple HT212534 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212528 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212531 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212533 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212530 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212529 du 24 mai 2021	None	vendor-advisory
Bulletin de sécurité Apple HT212532 du 24 mai 2021	None	vendor-advisory

Show details on source website

JSON

To clipboard

{
  "$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
  "affected_systems": [
    {
      "description": "Safari versions ant\u00e9rieures \u00e0 14.1.1",
      "product": {
        "name": "Safari",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Big Sur versions ant\u00e9rieures \u00e0 11.4",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Catalina versions sans la mise \u00e0 jour 2021-003",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iPadOS versions ant\u00e9rieures \u00e0 14.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "tvOS versions ant\u00e9rieures \u00e0 14.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "watchOS versions ant\u00e9rieures \u00e0 7.5",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "macOS Mojave versions sans la mise \u00e0 jour 2021-004",
      "product": {
        "name": "macOS",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    },
    {
      "description": "iOS versions ant\u00e9rieures \u00e0 14.6",
      "product": {
        "name": "N/A",
        "vendor": {
          "name": "Apple",
          "scada": false
        }
      }
    }
  ],
  "affected_systems_content": null,
  "content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
  "cves": [
    {
      "name": "CVE-2021-30678",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30678"
    },
    {
      "name": "CVE-2021-30715",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30715"
    },
    {
      "name": "CVE-2021-30724",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30724"
    },
    {
      "name": "CVE-2021-30668",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30668"
    },
    {
      "name": "CVE-2020-36230",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36230"
    },
    {
      "name": "CVE-2021-30681",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30681"
    },
    {
      "name": "CVE-2020-36221",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36221"
    },
    {
      "name": "CVE-2021-30667",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30667"
    },
    {
      "name": "CVE-2021-30722",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30722"
    },
    {
      "name": "CVE-2021-30684",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30684"
    },
    {
      "name": "CVE-2021-30737",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30737"
    },
    {
      "name": "CVE-2021-30708",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30708"
    },
    {
      "name": "CVE-2020-36225",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36225"
    },
    {
      "name": "CVE-2021-30701",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30701"
    },
    {
      "name": "CVE-2021-30743",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30743"
    },
    {
      "name": "CVE-2021-30726",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30726"
    },
    {
      "name": "CVE-2021-30676",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30676"
    },
    {
      "name": "CVE-2021-30671",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30671"
    },
    {
      "name": "CVE-2020-36224",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36224"
    },
    {
      "name": "CVE-2021-30692",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30692"
    },
    {
      "name": "CVE-2021-30677",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30677"
    },
    {
      "name": "CVE-2021-30714",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30714"
    },
    {
      "name": "CVE-2021-30702",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30702"
    },
    {
      "name": "CVE-2021-30727",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30727"
    },
    {
      "name": "CVE-2021-21779",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-21779"
    },
    {
      "name": "CVE-2021-1884",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1884"
    },
    {
      "name": "CVE-2020-36228",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36228"
    },
    {
      "name": "CVE-2020-36227",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36227"
    },
    {
      "name": "CVE-2021-30723",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30723"
    },
    {
      "name": "CVE-2021-30729",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30729"
    },
    {
      "name": "CVE-2021-30719",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30719"
    },
    {
      "name": "CVE-2021-30696",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30696"
    },
    {
      "name": "CVE-2021-30712",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30712"
    },
    {
      "name": "CVE-2021-30688",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30688"
    },
    {
      "name": "CVE-2021-30739",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30739"
    },
    {
      "name": "CVE-2021-30680",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30680"
    },
    {
      "name": "CVE-2021-30689",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30689"
    },
    {
      "name": "CVE-2021-30746",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30746"
    },
    {
      "name": "CVE-2021-30744",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30744"
    },
    {
      "name": "CVE-2020-36223",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36223"
    },
    {
      "name": "CVE-2021-30669",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30669"
    },
    {
      "name": "CVE-2021-30699",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30699"
    },
    {
      "name": "CVE-2021-30728",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30728"
    },
    {
      "name": "CVE-2021-30736",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30736"
    },
    {
      "name": "CVE-2020-36229",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36229"
    },
    {
      "name": "CVE-2021-30695",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30695"
    },
    {
      "name": "CVE-2021-30705",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30705"
    },
    {
      "name": "CVE-2021-30663",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30663"
    },
    {
      "name": "CVE-2021-30683",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30683"
    },
    {
      "name": "CVE-2021-30691",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30691"
    },
    {
      "name": "CVE-2021-30725",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30725"
    },
    {
      "name": "CVE-2021-30665",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30665"
    },
    {
      "name": "CVE-2021-30721",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30721"
    },
    {
      "name": "CVE-2021-30693",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30693"
    },
    {
      "name": "CVE-2021-30682",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30682"
    },
    {
      "name": "CVE-2021-30674",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30674"
    },
    {
      "name": "CVE-2021-30694",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30694"
    },
    {
      "name": "CVE-2021-1883",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-1883"
    },
    {
      "name": "CVE-2021-30673",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30673"
    },
    {
      "name": "CVE-2021-30718",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30718"
    },
    {
      "name": "CVE-2021-30713",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30713"
    },
    {
      "name": "CVE-2021-30717",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30717"
    },
    {
      "name": "CVE-2020-36226",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36226"
    },
    {
      "name": "CVE-2021-30687",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30687"
    },
    {
      "name": "CVE-2020-36222",
      "url": "https://www.cve.org/CVERecord?id=CVE-2020-36222"
    },
    {
      "name": "CVE-2021-30709",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30709"
    },
    {
      "name": "CVE-2021-30690",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30690"
    },
    {
      "name": "CVE-2021-30686",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30686"
    },
    {
      "name": "CVE-2021-30716",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30716"
    },
    {
      "name": "CVE-2021-30735",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30735"
    },
    {
      "name": "CVE-2021-30679",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30679"
    },
    {
      "name": "CVE-2021-30734",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30734"
    },
    {
      "name": "CVE-2021-30697",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30697"
    },
    {
      "name": "CVE-2021-30698",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30698"
    },
    {
      "name": "CVE-2021-30720",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30720"
    },
    {
      "name": "CVE-2021-30740",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30740"
    },
    {
      "name": "CVE-2021-23841",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-23841"
    },
    {
      "name": "CVE-2021-30685",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30685"
    },
    {
      "name": "CVE-2021-30738",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30738"
    },
    {
      "name": "CVE-2021-30749",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30749"
    },
    {
      "name": "CVE-2021-30704",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30704"
    },
    {
      "name": "CVE-2021-30741",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30741"
    },
    {
      "name": "CVE-2021-30707",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30707"
    },
    {
      "name": "CVE-2021-30710",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30710"
    },
    {
      "name": "CVE-2021-30700",
      "url": "https://www.cve.org/CVERecord?id=CVE-2021-30700"
    }
  ],
  "links": [],
  "reference": "CERTFR-2021-AVI-398",
  "revisions": [
    {
      "description": "Version initiale",
      "revision_date": "2021-05-25T00:00:00.000000"
    }
  ],
  "risks": [
    {
      "description": "Injection de code indirecte \u00e0 distance (XSS)"
    },
    {
      "description": "Ex\u00e9cution de code arbitraire"
    },
    {
      "description": "D\u00e9ni de service"
    },
    {
      "description": "Contournement de la politique de s\u00e9curit\u00e9"
    },
    {
      "description": "Atteinte \u00e0 la confidentialit\u00e9 des donn\u00e9es"
    },
    {
      "description": "\u00c9l\u00e9vation de privil\u00e8ges"
    }
  ],
  "summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Apple.\nCertaines d\u0027entre elles permettent \u00e0 un attaquant de provoquer une\nex\u00e9cution de code arbitraire, un d\u00e9ni de service et un contournement de\nla politique de s\u00e9curit\u00e9.\n",
  "title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Apple",
  "vendor_advisories": [
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212534 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212534"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212528 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212528"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212531 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212531"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212533 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212533"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212530 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212530"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212529 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212529"
    },
    {
      "published_at": null,
      "title": "Bulletin de s\u00e9curit\u00e9 Apple HT212532 du 24 mai 2021",
      "url": "https://support.apple.com/en-us/HT212532"
    }
  ]
}

VAR-202109-1380

Vulnerability from variot - Updated: 2024-01-17 19:41

A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.. macOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. There is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The vulnerability stems from the failure to fully verify the input provided by the user in the TCC subsystem. Affected versions: macOS: 11.0 20A2411, 11.0.1 20B29, 11.0.1 20B50, 11.1 20C69, 11.2 20D64, 11.2.1 20D74, 11.2.1 20D75, 11.2.2 20D80, 11.2.3 20D91, 1E2.3, 20D91, 11.2.3, 20D74 20E241. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina

Security Update 2021-005 Catalina addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212805.

CoreGraphics Available for: macOS Catalina Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. CVE-2021-30860: The Citizen Lab

CoreServices Available for: macOS Catalina Impact: A sandboxed process may be able to circumvent sandbox restrictions Description: An access issue was addressed with improved access restrictions. CVE-2021-30783: an anonymous researcher, Ron Hass (@ronhass7) of Perception Point Entry added September 20, 2021

CUPS Available for: macOS Catalina Impact: A local attacker may be able to elevate their privileges Description: A permissions issue existed. CVE-2021-30827: an anonymous researcher Entry added September 20, 2021

CUPS Available for: macOS Catalina Impact: A local user may be able to read arbitrary files as root Description: This issue was addressed with improved checks. CVE-2021-30828: an anonymous researcher Entry added September 20, 2021

CUPS Available for: macOS Catalina Impact: A local user may be able to execute arbitrary files Description: A URI parsing issue was addressed with improved parsing. CVE-2021-30829: an anonymous researcher Entry added September 20, 2021

curl Available for: macOS Catalina Impact: curl could potentially reveal sensitive internal information to the server using a clear-text network protocol Description: A buffer overflow was addressed with improved input validation. CVE-2021-22925 Entry added September 20, 2021

CVMS Available for: macOS Catalina Impact: A local attacker may be able to elevate their privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro Entry added September 20, 2021

FontParser Available for: macOS Catalina Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab Entry added September 20, 2021

ImageIO Available for: macOS Catalina Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: This issue was addressed with improved checks. CVE-2021-30835: Ye Zhang of Baidu Security CVE-2021-30847: Mike Zhang of Pangu Lab Entry added September 20, 2021

Kernel Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30830: Zweig of Kunlun Lab Entry added September 20, 2021

Kernel Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: An out-of-bounds read was addressed with improved input validation. CVE-2021-30865: Zweig of Kunlun Lab Entry added September 20, 2021

Kernel Available for: macOS Catalina Impact: Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges Description: A race condition was addressed with additional validation. CVE-2020-29622: Jordy Zomer of Certified Secure Entry added September 20, 2021

Kernel Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30857: Zweig of Kunlun Lab Entry added September 20, 2021

Kernel Available for: macOS Catalina Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A type confusion issue was addressed with improved state handling. CVE-2021-30859: Apple Entry added September 20, 2021

libexpat Available for: macOS Catalina Impact: A remote attacker may be able to cause a denial of service Description: This issue was addressed by updating expat to version 2.4.1. CVE-2013-0340: an anonymous researcher Entry added September 20, 2021

Preferences Available for: macOS Catalina Impact: An application may be able to access restricted files Description: A validation issue existed in the handling of symlinks. CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com) Entry added September 20, 2021

Sandbox Available for: macOS Catalina Impact: A user may gain access to protected parts of the file system Description: An access issue was addressed with improved access restrictions. CVE-2021-30850: an anonymous researcher Entry added September 20, 2021

SMB Available for: macOS Catalina Impact: A remote attacker may be able to leak memory Description: A logic issue was addressed with improved state management. CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs Entry added September 20, 2021

TCC Available for: macOS Catalina Impact: A malicious application may be able to bypass Privacy preferences Description: A permissions issue was addressed with improved validation. CVE-2021-30713: an anonymous researcher Entry added September 20, 2021

Additional recognition

Bluetooth We would like to acknowledge say2 of ENKI for their assistance. Entry added September 20, 2021

CoreML We would like to acknowledge hjy79425575 working with Trend Micro Zero Day Initiative for their assistance. Entry added September 20, 2021

CUPS We would like to acknowledge an anonymous researcher for their assistance. Entry added September 20, 2021

Kernel We would like to acknowledge Anthony Steinhauser of Google's Safeside project for their assistance. Entry added September 20, 2021

smbx We would like to acknowledge Zhongcheng Li (CK01) for their assistance. Entry added September 20, 2021

Installation note:

This update may be obtained from the Mac App Store or Apple's Software Downloads web site: https://support.apple.com/downloads/

Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p rhhvSA/+MzMvNJUS7KUDdIBNgVfzpgGLGGy0ewyCCuLaTFGPPtVVMlgXgo0Q1ds4 NQJ47AWXUkOEPotUdaMXYXTTlNRrS/rHuhrUar8tNgXVOuTIFoa0AaGNVFLbklxz KRte/SqDIY7PdWobflBTeeROlFq0/lIys+cyI3TtWezCGaGcdFO0Ckhv76UFUUUi qnB3hjxXVCkbwbetl6EMPQiIYpOzU8KOn95T3E24buRO8CxNdwYbZOkHqYaCAYLX Fm0lPtX4VknTdwjwhMTmNrbrMmc7TPOLEUavTNv0ghslYbywX3Iwj6f2mC5ZArUB klKZwLWPl8cOJmwMADnSpQc5VR+umM0fJdxsHajJu9/eWAuVK35IFJbQcZyP0Urv N+B8V4tk9D+I1NmU+12QIAlmUnnAmnzCBa/qE+FIGCyyBQgSM6WdmwXmWvQPX9/1 q7fVqW6zZv1A7z2Qal82sRkLH1APsoRGUQlw+uttmh6rKoLpNgH4ZJ4Xhqcq/S4k DgL85EvidWgaaTIj9+mI5NmqbY0E8/rkHtjxaOY9wyjpWiw2rSO7SXLTuDIRMBlt hlBR20e5/ZqdKxxAE+U31ZI8PzJhEU4PoCL5xcciXxBOilxhUgVLGDgmZol117Sy +wX/g7wuaorhnCsOIWNBC/up76pBJlCe+nsOoWNPFdgP5qw2pZY= =QJxi -----END PGP SIGNATURE-----

Show details on source website

JSON

To clipboard

{
  "@context": {
    "@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
    "affected_products": {
      "@id": "https://www.variotdbs.pl/ref/affected_products"
    },
    "configurations": {
      "@id": "https://www.variotdbs.pl/ref/configurations"
    },
    "credits": {
      "@id": "https://www.variotdbs.pl/ref/credits"
    },
    "cvss": {
      "@id": "https://www.variotdbs.pl/ref/cvss/"
    },
    "description": {
      "@id": "https://www.variotdbs.pl/ref/description/"
    },
    "exploit_availability": {
      "@id": "https://www.variotdbs.pl/ref/exploit_availability/"
    },
    "external_ids": {
      "@id": "https://www.variotdbs.pl/ref/external_ids/"
    },
    "iot": {
      "@id": "https://www.variotdbs.pl/ref/iot/"
    },
    "iot_taxonomy": {
      "@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
    },
    "patch": {
      "@id": "https://www.variotdbs.pl/ref/patch/"
    },
    "problemtype_data": {
      "@id": "https://www.variotdbs.pl/ref/problemtype_data/"
    },
    "references": {
      "@id": "https://www.variotdbs.pl/ref/references/"
    },
    "sources": {
      "@id": "https://www.variotdbs.pl/ref/sources/"
    },
    "sources_release_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_release_date/"
    },
    "sources_update_date": {
      "@id": "https://www.variotdbs.pl/ref/sources_update_date/"
    },
    "threat_type": {
      "@id": "https://www.variotdbs.pl/ref/threat_type/"
    },
    "title": {
      "@id": "https://www.variotdbs.pl/ref/title/"
    },
    "type": {
      "@id": "https://www.variotdbs.pl/ref/type/"
    }
  },
  "@id": "https://www.variotdbs.pl/vuln/VAR-202109-1380",
  "affected_products": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/affected_products#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "model": "mac os x",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15"
      },
      {
        "model": "macos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "apple",
        "version": "11.4"
      },
      {
        "model": "mac os x",
        "scope": "lte",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "model": "mac os x",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "apple",
        "version": "10.15.7"
      },
      {
        "model": "apple mac os x",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      },
      {
        "model": "macos",
        "scope": null,
        "trust": 0.8,
        "vendor": "\u30a2\u30c3\u30d7\u30eb",
        "version": null
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013483"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30713"
      }
    ]
  },
  "configurations": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/configurations#",
      "children": {
        "@container": "@list"
      },
      "cpe_match": {
        "@container": "@list"
      },
      "data": {
        "@container": "@list"
      },
      "nodes": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.15.7",
                "versionStartIncluding": "10.15",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.4",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30713"
      }
    ]
  },
  "credits": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/credits#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "Apple",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "164249"
      }
    ],
    "trust": 0.1
  },
  "cve": "CVE-2021-30713",
  "cvss": {
    "@context": {
      "cvssV2": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
      },
      "cvssV3": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
      },
      "severity": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/cvss/severity#"
        },
        "@id": "https://www.variotdbs.pl/ref/cvss/severity"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        },
        "@id": "https://www.variotdbs.pl/ref/sources"
      }
    },
    "data": [
      {
        "cvssV2": [
          {
            "acInsufInfo": false,
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "NVD",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "obtainAllPrivilege": false,
            "obtainOtherPrivilege": false,
            "obtainUserPrivilege": false,
            "severity": "MEDIUM",
            "trust": 1.0,
            "userInteractionRequired": false,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "acInsufInfo": null,
            "accessComplexity": "Low",
            "accessVector": "Local",
            "authentication": "None",
            "author": "NVD",
            "availabilityImpact": "Partial",
            "baseScore": 4.6,
            "confidentialityImpact": "Partial",
            "exploitabilityScore": null,
            "id": "CVE-2021-30713",
            "impactScore": null,
            "integrityImpact": "Partial",
            "obtainAllPrivilege": null,
            "obtainOtherPrivilege": null,
            "obtainUserPrivilege": null,
            "severity": "Medium",
            "trust": 0.9,
            "userInteractionRequired": null,
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "author": "VULHUB",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "exploitabilityScore": 3.9,
            "id": "VHN-390446",
            "impactScore": 6.4,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.1,
            "vectorString": "AV:L/AC:L/AU:N/C:P/I:P/A:P",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "author": "NVD",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "exploitabilityScore": 1.8,
            "impactScore": 5.9,
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          {
            "attackComplexity": "Low",
            "attackVector": "Local",
            "author": "NVD",
            "availabilityImpact": "High",
            "baseScore": 7.8,
            "baseSeverity": "High",
            "confidentialityImpact": "High",
            "exploitabilityScore": null,
            "id": "CVE-2021-30713",
            "impactScore": null,
            "integrityImpact": "High",
            "privilegesRequired": "Low",
            "scope": "Unchanged",
            "trust": 0.8,
            "userInteraction": "None",
            "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.0"
          }
        ],
        "severity": [
          {
            "author": "NVD",
            "id": "CVE-2021-30713",
            "trust": 1.8,
            "value": "HIGH"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202104-975",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202105-1452",
            "trust": 0.6,
            "value": "HIGH"
          },
          {
            "author": "VULHUB",
            "id": "VHN-390446",
            "trust": 0.1,
            "value": "MEDIUM"
          },
          {
            "author": "VULMON",
            "id": "CVE-2021-30713",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390446"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013483"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1452"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30713"
      }
    ]
  },
  "description": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/description#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.. macOS Exists in unspecified vulnerabilities.Information is obtained, information is tampered with, and service operation is interrupted. (DoS) It may be in a state. Pillow is a Python-based image processing library. \nThere is currently no information about this vulnerability, please feel free to follow CNNVD or manufacturer announcements. The vulnerability stems from the failure to fully verify the input provided by the user in the TCC subsystem. Affected versions: macOS: 11.0 20A2411, 11.0.1 20B29, 11.0.1 20B50, 11.1 20C69, 11.2 20D64, 11.2.1 20D74, 11.2.1 20D75, 11.2.2 20D80, 11.2.3 20D91, 1E2.3, 20D91, 11.2.3, 20D74 20E241. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-09-20-8 Additional information for\nAPPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina\n\nSecurity Update 2021-005 Catalina addresses the following issues. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212805. \n\nCoreGraphics\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted PDF may lead to arbitrary\ncode execution. \nCVE-2021-30860: The Citizen Lab\n\nCoreServices\nAvailable for: macOS Catalina\nImpact: A sandboxed process may be able to circumvent sandbox\nrestrictions\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2021-30783: an anonymous researcher, Ron Hass (@ronhass7) of\nPerception Point\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Catalina\nImpact: A local attacker may be able to elevate their privileges\nDescription: A permissions issue existed. \nCVE-2021-30827: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Catalina\nImpact: A local user may be able to read arbitrary files as root\nDescription: This issue was addressed with improved checks. \nCVE-2021-30828: an anonymous researcher\nEntry added September 20, 2021\n\nCUPS\nAvailable for: macOS Catalina\nImpact: A local user may be able to execute arbitrary files\nDescription: A URI parsing issue was addressed with improved parsing. \nCVE-2021-30829: an anonymous researcher\nEntry added September 20, 2021\n\ncurl\nAvailable for: macOS Catalina\nImpact: curl could potentially reveal sensitive internal information\nto the server using a clear-text network protocol\nDescription: A buffer overflow was addressed with improved input\nvalidation. \nCVE-2021-22925\nEntry added September 20, 2021\n\nCVMS\nAvailable for: macOS Catalina\nImpact: A local attacker may be able to elevate their privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30832: Mickey Jin (@patch1t) of Trend Micro\nEntry added September 20, 2021\n\nFontParser\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted dfont file may lead to\narbitrary code execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab\nCVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab\nEntry added September 20, 2021\n\nImageIO\nAvailable for: macOS Catalina\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: This issue was addressed with improved checks. \nCVE-2021-30835: Ye Zhang of Baidu Security\nCVE-2021-30847: Mike Zhang of Pangu Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30830: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: An out-of-bounds read was addressed with improved input\nvalidation. \nCVE-2021-30865: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Catalina\nImpact: Mounting a maliciously crafted NFS network share may lead to\narbitrary code execution with system privileges\nDescription: A race condition was addressed with additional\nvalidation. \nCVE-2020-29622: Jordy Zomer of Certified Secure\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2021-30857: Zweig of Kunlun Lab\nEntry added September 20, 2021\n\nKernel\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A type confusion issue was addressed with improved state\nhandling. \nCVE-2021-30859: Apple\nEntry added September 20, 2021\n\nlibexpat\nAvailable for: macOS Catalina\nImpact: A remote attacker may be able to cause a denial of service\nDescription: This issue was addressed by updating expat to version\n2.4.1. \nCVE-2013-0340: an anonymous researcher\nEntry added September 20, 2021\n\nPreferences\nAvailable for: macOS Catalina\nImpact: An application may be able to access restricted files\nDescription: A validation issue existed in the handling of symlinks. \nCVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)\nof Tencent Security Xuanwu Lab (xlab.tencent.com)\nEntry added September 20, 2021\n\nSandbox\nAvailable for: macOS Catalina\nImpact: A user may gain access to protected parts of the file system\nDescription: An access issue was addressed with improved access\nrestrictions. \nCVE-2021-30850: an anonymous researcher\nEntry added September 20, 2021\n\nSMB\nAvailable for: macOS Catalina\nImpact: A remote attacker may be able to leak memory\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs\nEntry added September 20, 2021\n\nTCC\nAvailable for: macOS Catalina\nImpact: A malicious application may be able to bypass Privacy\npreferences\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2021-30713: an anonymous researcher\nEntry added September 20, 2021\n\nAdditional recognition\n\nBluetooth\nWe would like to acknowledge say2 of ENKI for their assistance. \nEntry added September 20, 2021\n\nCoreML\nWe would like to acknowledge hjy79425575 working with Trend Micro\nZero Day Initiative for their assistance. \nEntry added September 20, 2021\n\nCUPS\nWe would like to acknowledge an anonymous researcher for their\nassistance. \nEntry added September 20, 2021\n\nKernel\nWe would like to acknowledge Anthony Steinhauser of Google\u0027s Safeside\nproject for their assistance. \nEntry added September 20, 2021\n\nsmbx\nWe would like to acknowledge Zhongcheng Li (CK01) for their\nassistance. \nEntry added September 20, 2021\n\nInstallation note:\n\nThis update may be obtained from the Mac App Store or\nApple\u0027s Software Downloads web site:\nhttps://support.apple.com/downloads/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmFI888ACgkQeC9qKD1p\nrhhvSA/+MzMvNJUS7KUDdIBNgVfzpgGLGGy0ewyCCuLaTFGPPtVVMlgXgo0Q1ds4\nNQJ47AWXUkOEPotUdaMXYXTTlNRrS/rHuhrUar8tNgXVOuTIFoa0AaGNVFLbklxz\nKRte/SqDIY7PdWobflBTeeROlFq0/lIys+cyI3TtWezCGaGcdFO0Ckhv76UFUUUi\nqnB3hjxXVCkbwbetl6EMPQiIYpOzU8KOn95T3E24buRO8CxNdwYbZOkHqYaCAYLX\nFm0lPtX4VknTdwjwhMTmNrbrMmc7TPOLEUavTNv0ghslYbywX3Iwj6f2mC5ZArUB\nklKZwLWPl8cOJmwMADnSpQc5VR+umM0fJdxsHajJu9/eWAuVK35IFJbQcZyP0Urv\nN+B8V4tk9D+I1NmU+12QIAlmUnnAmnzCBa/qE+FIGCyyBQgSM6WdmwXmWvQPX9/1\nq7fVqW6zZv1A7z2Qal82sRkLH1APsoRGUQlw+uttmh6rKoLpNgH4ZJ4Xhqcq/S4k\nDgL85EvidWgaaTIj9+mI5NmqbY0E8/rkHtjxaOY9wyjpWiw2rSO7SXLTuDIRMBlt\nhlBR20e5/ZqdKxxAE+U31ZI8PzJhEU4PoCL5xcciXxBOilxhUgVLGDgmZol117Sy\n+wX/g7wuaorhnCsOIWNBC/up76pBJlCe+nsOoWNPFdgP5qw2pZY=\n=QJxi\n-----END PGP SIGNATURE-----\n\n\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2021-30713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013483"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "VULHUB",
        "id": "VHN-390446"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30713"
      },
      {
        "db": "PACKETSTORM",
        "id": "164249"
      }
    ],
    "trust": 2.43
  },
  "external_ids": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/external_ids#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2021-30713",
        "trust": 3.5
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013483",
        "trust": 0.8
      },
      {
        "db": "PACKETSTORM",
        "id": "164249",
        "trust": 0.7
      },
      {
        "db": "CS-HELP",
        "id": "SB2021041363",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1794",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.3102.2",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021052415",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1452",
        "trust": 0.6
      },
      {
        "db": "VULHUB",
        "id": "VHN-390446",
        "trust": 0.1
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30713",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390446"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013483"
      },
      {
        "db": "PACKETSTORM",
        "id": "164249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1452"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30713"
      }
    ]
  },
  "id": "VAR-202109-1380",
  "iot": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/iot#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": true,
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390446"
      }
    ],
    "trust": 0.01
  },
  "last_update_date": "2024-01-17T19:41:06.694000Z",
  "patch": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/patch#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "title": "HT212529 Apple\u00a0 Security update",
        "trust": 0.8,
        "url": "https://support.apple.com/en-us/ht212529"
      },
      {
        "title": "Apple macOS Big Sur Enter the fix for the verification error vulnerability",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqbyid.tag?id=151645"
      },
      {
        "title": "The Register",
        "trust": 0.2,
        "url": "https://www.theregister.co.uk/2021/05/24/ios_macos_patches/"
      },
      {
        "title": "https://github.com/houjingyi233/macOS-iOS-system-security",
        "trust": 0.1,
        "url": "https://github.com/houjingyi233/macos-ios-system-security "
      },
      {
        "title": "https://github.com/houjingyi233/macos-ios-exploit-writeup",
        "trust": 0.1,
        "url": "https://github.com/houjingyi233/macos-ios-exploit-writeup "
      },
      {
        "title": "Known Exploited Vulnerabilities Detector",
        "trust": 0.1,
        "url": "https://github.com/ostorlab/kev "
      },
      {
        "title": null,
        "trust": 0.1,
        "url": "https://www.welivesecurity.com/2021/05/25/apple-macos-zero-day-malware-screenshots/"
      },
      {
        "title": "Threatpost",
        "trust": 0.1,
        "url": "https://threatpost.com/apple-patches-zero-day-flaw-in-macos-that-allows-for-sneaky-screenshots/166428/"
      }
    ],
    "sources": [
      {
        "db": "VULMON",
        "id": "CVE-2021-30713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013483"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1452"
      }
    ]
  },
  "problemtype_data": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "problemtype": "CWE-20",
        "trust": 1.0
      },
      {
        "problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
        "trust": 0.8
      }
    ],
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013483"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30713"
      }
    ]
  },
  "references": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/references#",
      "data": {
        "@container": "@list"
      },
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": [
      {
        "trust": 1.8,
        "url": "https://support.apple.com/kb/ht212805"
      },
      {
        "trust": 1.8,
        "url": "http://seclists.org/fulldisclosure/2021/sep/40"
      },
      {
        "trust": 1.8,
        "url": "https://support.apple.com/en-us/ht212529"
      },
      {
        "trust": 1.5,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30713"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021041363"
      },
      {
        "trust": 0.6,
        "url": "https://support.apple.com/en-us/ht212805"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021052415"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/164249/apple-security-advisory-2021-09-20-8.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1794"
      },
      {
        "trust": 0.6,
        "url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-35514"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.3102.2"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/20.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://threatpost.com/apple-patches-zero-day-flaw-in-macos-that-allows-for-sneaky-screenshots/166428/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-22925"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30830"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30832"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/kb/ht201222"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-29622"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30828"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/ht212805."
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2013-0340"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30841"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30855"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30843"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30844"
      },
      {
        "trust": 0.1,
        "url": "https://support.apple.com/downloads/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30859"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30829"
      },
      {
        "trust": 0.1,
        "url": "https://www.apple.com/support/security/pgp/"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30857"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30783"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30850"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30827"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30847"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30842"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30860"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-30835"
      }
    ],
    "sources": [
      {
        "db": "VULHUB",
        "id": "VHN-390446"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013483"
      },
      {
        "db": "PACKETSTORM",
        "id": "164249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1452"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30713"
      }
    ]
  },
  "sources": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "db": "VULHUB",
        "id": "VHN-390446"
      },
      {
        "db": "VULMON",
        "id": "CVE-2021-30713"
      },
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013483"
      },
      {
        "db": "PACKETSTORM",
        "id": "164249"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1452"
      },
      {
        "db": "NVD",
        "id": "CVE-2021-30713"
      }
    ]
  },
  "sources_release_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2021-09-08T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390446"
      },
      {
        "date": "2021-09-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-30713"
      },
      {
        "date": "2022-09-14T00:00:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-013483"
      },
      {
        "date": "2021-09-22T16:35:10",
        "db": "PACKETSTORM",
        "id": "164249"
      },
      {
        "date": "2021-04-13T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2021-05-24T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-1452"
      },
      {
        "date": "2021-09-08T15:15:15.893000",
        "db": "NVD",
        "id": "CVE-2021-30713"
      }
    ]
  },
  "sources_update_date": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
      "data": {
        "@container": "@list"
      }
    },
    "data": [
      {
        "date": "2022-07-12T00:00:00",
        "db": "VULHUB",
        "id": "VHN-390446"
      },
      {
        "date": "2023-08-08T00:00:00",
        "db": "VULMON",
        "id": "CVE-2021-30713"
      },
      {
        "date": "2022-09-14T02:48:00",
        "db": "JVNDB",
        "id": "JVNDB-2021-013483"
      },
      {
        "date": "2021-04-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      },
      {
        "date": "2022-07-14T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202105-1452"
      },
      {
        "date": "2023-08-08T14:22:24.967000",
        "db": "NVD",
        "id": "CVE-2021-30713"
      }
    ]
  },
  "threat_type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/threat_type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "local",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202105-1452"
      }
    ],
    "trust": 0.6
  },
  "title": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/title#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "macOS\u00a0 Vulnerability in",
    "sources": [
      {
        "db": "JVNDB",
        "id": "JVNDB-2021-013483"
      }
    ],
    "trust": 0.8
  },
  "type": {
    "@context": {
      "@vocab": "https://www.variotdbs.pl/ref/type#",
      "sources": {
        "@container": "@list",
        "@context": {
          "@vocab": "https://www.variotdbs.pl/ref/sources#"
        }
      }
    },
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202104-975"
      }
    ],
    "trust": 0.6
  }
}

GSD-2021-30713

Vulnerability from gsd - Updated: 2023-12-13 01:23

Details

Aliases

CVE-2021-30713

Aliases

CVE-2021-30713

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-30713",
    "description": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..",
    "id": "GSD-2021-30713"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2021-30713"
      ],
      "details": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..",
      "id": "GSD-2021-30713",
      "modified": "2023-12-13T01:23:31.373519Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cisa.gov": {
      "cveID": "CVE-2021-30713",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-11-17",
      "product": "macOS",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.",
      "vendorProject": "Apple",
      "vulnerabilityName": "Apple macOS Input Validation Error"
    },
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "product-security@apple.com",
        "ID": "CVE-2021-30713",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "macOS",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "\u003c",
                          "version_value": "11.4"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "Apple"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited."
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://support.apple.com/en-us/HT212529",
            "refsource": "MISC",
            "url": "https://support.apple.com/en-us/HT212529"
          },
          {
            "name": "https://support.apple.com/kb/HT212805",
            "refsource": "CONFIRM",
            "url": "https://support.apple.com/kb/HT212805"
          },
          {
            "name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
            "refsource": "FULLDISC",
            "url": "http://seclists.org/fulldisclosure/2021/Sep/40"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndExcluding": "11.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "10.15.7",
                "versionStartIncluding": "10.15",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2021-30713"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "NVD-CWE-noinfo"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212529",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/en-us/HT212529"
            },
            {
              "name": "https://support.apple.com/kb/HT212805",
              "refsource": "CONFIRM",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://support.apple.com/kb/HT212805"
            },
            {
              "name": "20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina",
              "refsource": "FULLDISC",
              "tags": [
                "Mailing List",
                "Third Party Advisory"
              ],
              "url": "http://seclists.org/fulldisclosure/2021/Sep/40"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "LOCAL",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 4.6,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "PARTIAL",
            "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 6.4,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "LOCAL",
            "availabilityImpact": "HIGH",
            "baseScore": 7.8,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "privilegesRequired": "LOW",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 1.8,
          "impactScore": 5.9
        }
      },
      "lastModifiedDate": "2022-07-12T17:42Z",
      "publishedDate": "2021-09-08T15:15Z"
    }
  }
}

CNVD-2021-40763

Vulnerability from cnvd - Published: 2021-06-10

Title

Apple macOS Big Sur输入验证错误漏洞

Description

Apple macOS Big Sur是美国苹果（Apple）公司的一个手机应用APP。 macOS Big Sur存在输入验证错误漏洞，该漏洞源于TCC子系统内未能充分验证用户提供的输入,恶意应用程序可以绕过隐私首选项，获取敏感信息。目前没有详细的漏洞细节提供。

Severity

中

Patch Name

Apple macOS Big Sur输入验证错误漏洞的补丁

Patch Description

Apple macOS Big Sur是美国苹果（Apple）公司的一个手机应用APP。 macOS Big Sur存在输入验证错误漏洞，该漏洞源于TCC子系统内未能充分验证用户提供的输入,恶意应用程序可以绕过隐私首选项，获取敏感信息。目前没有详细的漏洞细节提供。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已发布升级补丁以修复漏洞，补丁获取链接： https://support.apple.com/en-us/HT212529

Reference

https://www.cybersecurity-help.cz/vdb/SB2021052415

Impacted products

Name
['Apple MacOS 11.0 20A2411', 'Apple MacOS 11.0.1 20B29', 'Apple MacOS 11.0.1 20B50', 'Apple MacOS 11.1 20C69', 'Apple MacOS 11.2 20D64', 'Apple MacOS 11.2.1 20D74', 'Apple MacOS 11.2.1 20D75', 'Apple MacOS 11.2.2 20D80', 'Apple MacOS 11.2.3 20D91', 'Apple MacOS 11.3 20E232', 'Apple MacOS 11.3.1 20E241']

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2021-30713"
    }
  },
  "description": "Apple macOS Big Sur\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u624b\u673a\u5e94\u7528APP\u3002\n\nmacOS Big Sur\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eTCC\u5b50\u7cfb\u7edf\u5185\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165,\u6076\u610f\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u7ed5\u8fc7\u9690\u79c1\u9996\u9009\u9879\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u53d1\u5e03\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u6f0f\u6d1e\uff0c\u8865\u4e01\u83b7\u53d6\u94fe\u63a5\uff1a\r\nhttps://support.apple.com/en-us/HT212529",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2021-40763",
  "openTime": "2021-06-10",
  "patchDescription": "Apple macOS Big Sur\u662f\u7f8e\u56fd\u82f9\u679c\uff08Apple\uff09\u516c\u53f8\u7684\u4e00\u4e2a\u624b\u673a\u5e94\u7528APP\u3002\r\n\r\nmacOS Big Sur\u5b58\u5728\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8eTCC\u5b50\u7cfb\u7edf\u5185\u672a\u80fd\u5145\u5206\u9a8c\u8bc1\u7528\u6237\u63d0\u4f9b\u7684\u8f93\u5165,\u6076\u610f\u5e94\u7528\u7a0b\u5e8f\u53ef\u4ee5\u7ed5\u8fc7\u9690\u79c1\u9996\u9009\u9879\uff0c\u83b7\u53d6\u654f\u611f\u4fe1\u606f\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Apple macOS Big Sur\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e \u7684\u8865\u4e01",
  "products": {
    "product": [
      "Apple  MacOS 11.0 20A2411",
      "Apple  MacOS 11.0.1 20B29",
      "Apple  MacOS 11.0.1 20B50",
      "Apple  MacOS 11.1 20C69",
      "Apple  MacOS 11.2 20D64",
      "Apple  MacOS 11.2.1 20D74",
      "Apple  MacOS 11.2.1 20D75",
      "Apple  MacOS 11.2.2 20D80",
      "Apple  MacOS 11.2.3 20D91",
      "Apple  MacOS 11.3 20E232",
      "Apple  MacOS 11.3.1 20E241"
    ]
  },
  "referenceLink": "https://www.cybersecurity-help.cz/vdb/SB2021052415",
  "serverity": "\u4e2d",
  "submitTime": "2021-05-28",
  "title": "Apple macOS Big Sur\u8f93\u5165\u9a8c\u8bc1\u9519\u8bef\u6f0f\u6d1e"
}

GHSA-X3VF-FCQ8-6CPG

Vulnerability from github – Published: 2022-05-24 19:13 – Updated: 2025-10-22 00:32

Details

Severity ?

7.8 (High)


                  
                    CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2021-30713"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-862",
      "CWE-863"
    ],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2021-09-08T15:15:00Z",
    "severity": "HIGH"
  },
  "details": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..",
  "id": "GHSA-x3vf-fcq8-6cpg",
  "modified": "2025-10-22T00:32:19Z",
  "published": "2022-05-24T19:13:22Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-30713"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/en-us/HT212529"
    },
    {
      "type": "WEB",
      "url": "https://support.apple.com/kb/HT212805"
    },
    {
      "type": "WEB",
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30713"
    },
    {
      "type": "WEB",
      "url": "http://seclists.org/fulldisclosure/2021/Sep/40"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
      "type": "CVSS_V3"
    }
  ]
}

FKIE_CVE-2021-30713

Vulnerability from fkie_nvd - Published: 2021-09-08 15:15 - Updated: 2025-10-23 14:56

CISA KEV

Severity ?

7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
7.8 (High) - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Summary

References

URL	Tags
product-security@apple.com	http://seclists.org/fulldisclosure/2021/Sep/40	Mailing List, Third Party Advisory
product-security@apple.com	https://support.apple.com/en-us/HT212529	Release Notes, Vendor Advisory
product-security@apple.com	https://support.apple.com/kb/HT212805	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://seclists.org/fulldisclosure/2021/Sep/40	Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/en-us/HT212529	Release Notes, Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://support.apple.com/kb/HT212805	Release Notes, Vendor Advisory
134c704f-9b21-4f2e-91b3-4a467353bcc0	https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30713	Third Party Advisory, US Government Resource

Impacted products

Vendor	Product	Version
apple	mac_os_x	*
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	mac_os_x	10.15.7
apple	macos	*

JSON

To clipboard

{
  "cisaActionDue": "2021-11-17",
  "cisaExploitAdd": "2021-11-03",
  "cisaRequiredAction": "Apply updates per vendor instructions.",
  "cisaVulnerabilityName": "Apple macOS Unspecified Vulnerability",
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "059EC990-44D3-4DEC-9933-90A0706FEF22",
              "versionEndIncluding": "10.15.7",
              "versionStartIncluding": "10.15",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*",
              "matchCriteriaId": "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:*",
              "matchCriteriaId": "F12CC8B5-C1EB-419E-8496-B9A3864656AD",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*",
              "matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:*",
              "matchCriteriaId": "7FD7176C-F4D1-43A7-9E49-BA92CA0D9980",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:*",
              "matchCriteriaId": "2703DE0B-8A9E-4A9D-9AE8-028E22BF47CA",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:*",
              "matchCriteriaId": "0F441A43-1669-478D-9EC8-E96882DE4F9F",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:*",
              "matchCriteriaId": "D425C653-37A2-448C-BF2F-B684ADB08A26",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:*",
              "matchCriteriaId": "A54D63B7-B92B-47C3-B1C5-9892E5873A98",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:*",
              "matchCriteriaId": "3456176F-9185-4EE2-A8CE-3D989D674AB7",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "49989826-E25B-4280-8EEA-A3ECC49F3635",
              "versionEndExcluding": "11.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.."
    },
    {
      "lang": "es",
      "value": "Se abord\u00f3 un problema de permisos con una comprobaci\u00f3n mejorada. Este problema es corregido en macOS Big Sur versi\u00f3n 11.4. Una aplicaci\u00f3n maliciosa puede ser capaz de omitir las preferencias de privacidad. Apple presenta conocimiento de un informe que indica que este problema puede haber sido explotado activamente"
    }
  ],
  "id": "CVE-2021-30713",
  "lastModified": "2025-10-23T14:56:11.420",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "LOCAL",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 4.6,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "PARTIAL",
          "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 6.4,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "nvd@nist.gov",
        "type": "Primary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "LOCAL",
          "availabilityImpact": "HIGH",
          "baseScore": 7.8,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "HIGH",
          "integrityImpact": "HIGH",
          "privilegesRequired": "LOW",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 1.8,
        "impactScore": 5.9,
        "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
        "type": "Secondary"
      }
    ]
  },
  "published": "2021-09-08T15:15:15.893",
  "references": [
    {
      "source": "product-security@apple.com",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Sep/40"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212529"
    },
    {
      "source": "product-security@apple.com",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212805"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Mailing List",
        "Third Party Advisory"
      ],
      "url": "http://seclists.org/fulldisclosure/2021/Sep/40"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/en-us/HT212529"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Vendor Advisory"
      ],
      "url": "https://support.apple.com/kb/HT212805"
    },
    {
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "tags": [
        "Third Party Advisory",
        "US Government Resource"
      ],
      "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30713"
    }
  ],
  "sourceIdentifier": "product-security@apple.com",
  "vulnStatus": "Analyzed",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-862"
        }
      ],
      "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
      "type": "Secondary"
    }
  ]
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-30713 (GCVE-0-2021-30713)

CISA KEV

Known Exploited Vulnerability - GCVE BCP-07 Compliant

Timestamps

Scope

Evidence

Vendor Report Successful Exploitation Confidence: 80% Source: cisa-kev

Details

References

CERTFR-2021-AVI-398

Solution

CERTFR-2021-AVI-398

Solution

VAR-202109-1380

GSD-2021-30713

CNVD-2021-40763

GHSA-X3VF-FCQ8-6CPG

FKIE_CVE-2021-30713

Tags

Sightings

Nomenclature