var-202104-0622
Vulnerability from variot
A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode. Xcode Exists in unspecified vulnerabilities.Information may be obtained. Apple Xcode is an integrated development environment provided by Apple (Apple) to developers. It is mainly used to develop applications for Mac OS X and iOS. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
APPLE-SA-2021-01-26-4 Xcode 12.4
Xcode 12.4 addresses the following issues. Information about the security content is also available at https://support.apple.com/HT212153. CVE-2021-1800: Theodore Dubois (@tbodt)
Installation note:
Xcode 12.4 may be obtained from:
https://developer.apple.com/xcode/downloads/
To check that the Xcode has been updated:
- Select Xcode in the menu bar
- Select About Xcode
- The version after applying this update will be "Xcode 12.4".
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAQgRcACgkQZcsbuWJ6 jjCzEQ//YOHe+Pi2janl+HduJZ7XHmNiPFX5tsXbfYddkwB34ZiLTeK7UPul+VM0 /Z6/5cuZNwvFhIFYTu2Gh+27gfW9i1wdnl2tIqfeyhN/w7NNdD7bDjJ4oVNsU3E0 BAO0OD76qWWhdm1vErj+74jtRAlhXcuV+PsyJT3n+unJlsYBGxlK56NdIrhbDnQW IdZ6bGh6uCE643pret1TBtobnMJ/WUkFd1xuvVh2nkE9dUqh+rCrvDBWqkYKYh7m MdGi45GU6y/viwWAn5rlDe/vsRABwCP/KpSZaaJOFhZt3IZF+jSMezFyWi6gwgQA BnCrC+P0Q+V987vubp4gorueuRbBZ76Oye8Ltm5DHGnW7g3756R9QO3chLZPjGDv IKwvyrbKL/+r41b6Jd2YOzF5PeuJXpAFTa4rYZdjauRlT2GCf68USWOobjJNhfOJ /pC4PZqB1CfWywIXNFFirLNS/zrMp+qtbh69ThESXb25hiDkvc69kTW0k/SpdygA +UHHo2vMymPrDuuZyINkxZm+h0Viy5PLldg6tlPTNFLeFgr2kNXepSjUqq7sTIN8 BF7ZQ+cpdSnzoo8zxteQZnc7RvhXDdMAUJT8lrVFD1mwob8Wr39dh8ANDhFTuJk3 Ee7P3rkLEQxV0U4bQns2GA9VaT54LlO7m+Qj1bYetnhLYjdPGEc=G4Ph -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202104-0622",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "xcode",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "12.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "12.4"
},
{
"model": "xcode",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "xcode",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012731"
},
{
"db": "NVD",
"id": "CVE-2021-1800"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "161149"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2421"
}
],
"trust": 0.7
},
"cve": "CVE-2021-1800",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "CVE-2021-1800",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 1.9,
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"exploitabilityScore": 8.6,
"id": "VHN-376460",
"impactScore": 2.9,
"integrityImpact": "NONE",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:P/I:N/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"exploitabilityScore": 1.8,
"id": "CVE-2021-1800",
"impactScore": 3.6,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "High",
"exploitabilityScore": null,
"id": "CVE-2021-1800",
"impactScore": null,
"integrityImpact": "None",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-1800",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-1800",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202101-2421",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-376460",
"trust": 0.1,
"value": "MEDIUM"
},
{
"author": "VULMON",
"id": "CVE-2021-1800",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376460"
},
{
"db": "VULMON",
"id": "CVE-2021-1800"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012731"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2421"
},
{
"db": "NVD",
"id": "CVE-2021-1800"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "A path handling issue was addressed with improved validation. This issue is fixed in Xcode 12.4. A malicious application may be able to access arbitrary files on the host device while running an app that uses on-demand resources with Xcode. Xcode Exists in unspecified vulnerabilities.Information may be obtained. Apple Xcode is an integrated development environment provided by Apple (Apple) to developers. It is mainly used to develop applications for Mac OS X and iOS. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\nAPPLE-SA-2021-01-26-4 Xcode 12.4\n\nXcode 12.4 addresses the following issues. Information about the\nsecurity content is also available at\nhttps://support.apple.com/HT212153. \nCVE-2021-1800: Theodore Dubois (@tbodt)\n\nInstallation note:\n\nXcode 12.4 may be obtained from:\n\nhttps://developer.apple.com/xcode/downloads/\n\nTo check that the Xcode has been updated:\n\n* Select Xcode in the menu bar\n* Select About Xcode\n* The version after applying this update will be \"Xcode 12.4\". \n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmAQgRcACgkQZcsbuWJ6\njjCzEQ//YOHe+Pi2janl+HduJZ7XHmNiPFX5tsXbfYddkwB34ZiLTeK7UPul+VM0\n/Z6/5cuZNwvFhIFYTu2Gh+27gfW9i1wdnl2tIqfeyhN/w7NNdD7bDjJ4oVNsU3E0\nBAO0OD76qWWhdm1vErj+74jtRAlhXcuV+PsyJT3n+unJlsYBGxlK56NdIrhbDnQW\nIdZ6bGh6uCE643pret1TBtobnMJ/WUkFd1xuvVh2nkE9dUqh+rCrvDBWqkYKYh7m\nMdGi45GU6y/viwWAn5rlDe/vsRABwCP/KpSZaaJOFhZt3IZF+jSMezFyWi6gwgQA\nBnCrC+P0Q+V987vubp4gorueuRbBZ76Oye8Ltm5DHGnW7g3756R9QO3chLZPjGDv\nIKwvyrbKL/+r41b6Jd2YOzF5PeuJXpAFTa4rYZdjauRlT2GCf68USWOobjJNhfOJ\n/pC4PZqB1CfWywIXNFFirLNS/zrMp+qtbh69ThESXb25hiDkvc69kTW0k/SpdygA\n+UHHo2vMymPrDuuZyINkxZm+h0Viy5PLldg6tlPTNFLeFgr2kNXepSjUqq7sTIN8\nBF7ZQ+cpdSnzoo8zxteQZnc7RvhXDdMAUJT8lrVFD1mwob8Wr39dh8ANDhFTuJk3\nEe7P3rkLEQxV0U4bQns2GA9VaT54LlO7m+Qj1bYetnhLYjdPGEc=G4Ph\n-----END PGP SIGNATURE-----\n\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-1800"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012731"
},
{
"db": "VULHUB",
"id": "VHN-376460"
},
{
"db": "VULMON",
"id": "CVE-2021-1800"
},
{
"db": "PACKETSTORM",
"id": "161149"
}
],
"trust": 1.89
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-1800",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "161149",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012731",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.0301",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2421",
"trust": 0.6
},
{
"db": "CNVD",
"id": "CNVD-2022-23941",
"trust": 0.1
},
{
"db": "VULHUB",
"id": "VHN-376460",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-1800",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376460"
},
{
"db": "VULMON",
"id": "CVE-2021-1800"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012731"
},
{
"db": "PACKETSTORM",
"id": "161149"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2421"
},
{
"db": "NVD",
"id": "CVE-2021-1800"
}
]
},
"id": "VAR-202104-0622",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-376460"
}
],
"trust": 0.01
},
"last_update_date": "2024-11-23T23:01:02.776000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212153 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT212153"
},
{
"title": "Apple Xcode Security vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=140033"
},
{
"title": null,
"trust": 0.1,
"url": "https://www.theregister.co.uk/2021/01/26/apple_ios_zero_days/"
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-1800"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012731"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2421"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012731"
},
{
"db": "NVD",
"id": "CVE-2021-1800"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht212153"
},
{
"trust": 1.5,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-1800"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.0301/"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/161149/apple-security-advisory-2021-01-26-4.html"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/2021/jan/83"
},
{
"trust": 0.1,
"url": "https://developer.apple.com/xcode/downloads/"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212153."
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-376460"
},
{
"db": "VULMON",
"id": "CVE-2021-1800"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012731"
},
{
"db": "PACKETSTORM",
"id": "161149"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2421"
},
{
"db": "NVD",
"id": "CVE-2021-1800"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-376460"
},
{
"db": "VULMON",
"id": "CVE-2021-1800"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-012731"
},
{
"db": "PACKETSTORM",
"id": "161149"
},
{
"db": "CNNVD",
"id": "CNNVD-202101-2421"
},
{
"db": "NVD",
"id": "CVE-2021-1800"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-02T00:00:00",
"db": "VULHUB",
"id": "VHN-376460"
},
{
"date": "2021-04-02T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1800"
},
{
"date": "2022-09-08T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-012731"
},
{
"date": "2021-01-27T14:11:19",
"db": "PACKETSTORM",
"id": "161149"
},
{
"date": "2021-01-27T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2421"
},
{
"date": "2021-04-02T19:15:19.693000",
"db": "NVD",
"id": "CVE-2021-1800"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-04-08T00:00:00",
"db": "VULHUB",
"id": "VHN-376460"
},
{
"date": "2021-04-08T00:00:00",
"db": "VULMON",
"id": "CVE-2021-1800"
},
{
"date": "2022-09-08T01:39:00",
"db": "JVNDB",
"id": "JVNDB-2021-012731"
},
{
"date": "2021-10-29T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202101-2421"
},
{
"date": "2024-11-21T05:45:08.300000",
"db": "NVD",
"id": "CVE-2021-1800"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2421"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Xcode\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-012731"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "other",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202101-2421"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.