var-202108-1287
Vulnerability from variot
This issue was addressed with improved checks. This issue is fixed in Security Update 2022-001 Catalina, macOS Big Sur 11.6.3. A malicious application may be able to bypass certain Privacy preferences. apple's Apple Mac OS X and macOS Exists in a fraudulent authentication vulnerability.Information may be tampered with. Information about the security content is also available at https://support.apple.com/HT213055.
Audio Available for: macOS Big Sur Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information Description: A buffer overflow issue was addressed with improved memory handling. CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab
iCloud Available for: macOS Big Sur Impact: An application may be able to access a user's files Description: An issue existed within the path validation logic for symlinks. CVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab (https://xlab.tencent.com)
IOMobileFrameBuffer Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM) of MBition - Mercedes-Benz Innovation Lab, Siddharth Aeri (@b1n4r1b01)
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A buffer overflow issue was addressed with improved memory handling. CVE-2022-22593: Peter Nguyễn Vũ Hoàng of STAR Labs
Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted STL file may lead to unexpected application termination or arbitrary code execution Description: An information disclosure issue was addressed with improved state management. CVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro
PackageKit Available for: macOS Big Sur Impact: An application may be able to access restricted files Description: A permissions issue was addressed with improved validation. CVE-2022-22583: an anonymous researcher, Ron Hass (@ronhass7) of Perception Point, Mickey Jin (@patch1t)
TCC Available for: macOS Big Sur Impact: A malicious application may be able to bypass certain Privacy preferences Description: This issue was addressed with improved checks. CVE-2021-30972: Xuxiang Yang (@another1024), Zhipeng Huo (@R3dF09), and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com), Wojciech Reguła (@_r3ggi), jhftss (@patch1t), Csaba Fitzl (@theevilbit) of Offensive Security
Additional recognition
Kernel We would like to acknowledge Tao Huang for their assistance.
Metal We would like to acknowledge Tao Huang for their assistance.
PackageKit We would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for their assistance.
Installation note:
This update may be obtained from the Mac App Store
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmHx05IACgkQeC9qKD1p rhjtWQ//TmET3pnDZUsC66AAWcqn+nGUr6ChR/uSDIZRAUqxwBxLt+bRZWRdGaXt 1Ew0Lg1Ww/E/mC1t9FCiLMqrCKH6uwddwtM9uHAuM5pUgW7RssFqrVGSRv8Ge1+h yWP4ZeSd6vy6QaGceNUU+W4XhIVgbcqeSrnFK3fjLFpWrlFk3WEVXyazxXckYKeN i5SMI4w71oZymSILmZNaL79bUJa7oZcYQXG08x5KrFEDC3rV8OdollQvMYwKn3kG kp+yW94rxna1ayhKkmiyNmnWbqWtGpJ/QEk44KeHWTz2mY/qAiWv4LpadGjccrdy tF6O2Ugp+6kSA1VnT0hpcKhC/I6s5tuLXB9QKN01H1754gZvwusTZm+Uwt5Z4OzR ZFeMPfJ7POx6HN2jORLh5Pa19f8DeqSJ+LqX95v5C/FyW2XjKc0X6HpCUCcdVD2p qbuaFcrE5fb1q2gxa4/DG+c6oiElKMh+tivIDNW39/roNCfmhpex52hxRtRxh7N3 xl4GPqlhquyl+yav7lrFZOgDsegR64gBPjkkn0e2JnTnJNDgKa9Kg/PhMNfymF2F k+t0/V/rl0w3Yv6wyWzG1b3Uwu0ermWBOmVfM39DfbGaTdXn9EIZW4YtuEAM6tcX ljuc39qmE5yg6YHKmGyP8ms0lSIEK58NyAK3Aid/aip3RAuXMCE= =+OmT -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-1287",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.3"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "12.0.1"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "12.0.0"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "12.0.1"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "11.0 that\u0027s all 11.6.3"
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021210"
},
{
"db": "NVD",
"id": "CVE-2021-30972"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "165774"
},
{
"db": "PACKETSTORM",
"id": "165773"
}
],
"trust": 0.2
},
"cve": "CVE-2021-30972",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "CVE-2021-30972",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 1.9,
"vectorString": "AV:L/AC:L/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "NONE",
"exploitabilityScore": 3.9,
"id": "VHN-390705",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "LOW",
"trust": 0.1,
"vectorString": "AV:L/AC:L/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2021-30972",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-30972",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "Low",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "None",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30972",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-30972",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-2076",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-390705",
"trust": 0.1,
"value": "LOW"
},
{
"author": "VULMON",
"id": "CVE-2021-30972",
"trust": 0.1,
"value": "LOW"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390705"
},
{
"db": "VULMON",
"id": "CVE-2021-30972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021210"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2076"
},
{
"db": "NVD",
"id": "CVE-2021-30972"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "This issue was addressed with improved checks. This issue is fixed in Security Update 2022-001 Catalina, macOS Big Sur 11.6.3. A malicious application may be able to bypass certain Privacy preferences. apple\u0027s Apple Mac OS X and macOS Exists in a fraudulent authentication vulnerability.Information may be tampered with. \nInformation about the security content is also available at \nhttps://support.apple.com/HT213055. \n\nAudio\nAvailable for: macOS Big Sur\nImpact: Parsing a maliciously crafted audio file may lead to\ndisclosure of user information\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab\n\niCloud\nAvailable for: macOS Big Sur\nImpact: An application may be able to access a user\u0027s files\nDescription: An issue existed within the path validation logic for\nsymlinks. \nCVE-2022-22585: Zhipeng Huo (@R3dF09) of Tencent Security Xuanwu Lab\n(https://xlab.tencent.com)\n\nIOMobileFrameBuffer\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges. Apple is aware of a report that this issue\nmay have been actively exploited. \nCVE-2022-22587: an anonymous researcher, Meysam Firouzi (@R00tkitSMM)\nof MBition - Mercedes-Benz Innovation Lab, Siddharth Aeri\n(@b1n4r1b01)\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A buffer overflow issue was addressed with improved\nmemory handling. \nCVE-2022-22593: Peter Nguy\u1ec5n V\u0169 Ho\u00e0ng of STAR Labs\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted STL file may lead to\nunexpected application termination or arbitrary code execution\nDescription: An information disclosure issue was addressed with\nimproved state management. \nCVE-2022-22579: Mickey Jin (@patch1t) of Trend Micro\n\nPackageKit\nAvailable for: macOS Big Sur\nImpact: An application may be able to access restricted files\nDescription: A permissions issue was addressed with improved\nvalidation. \nCVE-2022-22583: an anonymous researcher, Ron Hass (@ronhass7) of\nPerception Point, Mickey Jin (@patch1t)\n\nTCC\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to bypass certain Privacy\npreferences\nDescription: This issue was addressed with improved checks. \nCVE-2021-30972: Xuxiang Yang (@another1024), Zhipeng Huo (@R3dF09),\nand Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab\n(xlab.tencent.com), Wojciech Regu\u0142a (@_r3ggi), jhftss (@patch1t),\nCsaba Fitzl (@theevilbit) of Offensive Security\n\nAdditional recognition\n\nKernel\nWe would like to acknowledge Tao Huang for their assistance. \n\nMetal\nWe would like to acknowledge Tao Huang for their assistance. \n\nPackageKit\nWe would like to acknowledge Mickey Jin (@patch1t) of Trend Micro for\ntheir assistance. \n\nInstallation note:\n\nThis update may be obtained from the Mac App Store\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmHx05IACgkQeC9qKD1p\nrhjtWQ//TmET3pnDZUsC66AAWcqn+nGUr6ChR/uSDIZRAUqxwBxLt+bRZWRdGaXt\n1Ew0Lg1Ww/E/mC1t9FCiLMqrCKH6uwddwtM9uHAuM5pUgW7RssFqrVGSRv8Ge1+h\nyWP4ZeSd6vy6QaGceNUU+W4XhIVgbcqeSrnFK3fjLFpWrlFk3WEVXyazxXckYKeN\ni5SMI4w71oZymSILmZNaL79bUJa7oZcYQXG08x5KrFEDC3rV8OdollQvMYwKn3kG\nkp+yW94rxna1ayhKkmiyNmnWbqWtGpJ/QEk44KeHWTz2mY/qAiWv4LpadGjccrdy\ntF6O2Ugp+6kSA1VnT0hpcKhC/I6s5tuLXB9QKN01H1754gZvwusTZm+Uwt5Z4OzR\nZFeMPfJ7POx6HN2jORLh5Pa19f8DeqSJ+LqX95v5C/FyW2XjKc0X6HpCUCcdVD2p\nqbuaFcrE5fb1q2gxa4/DG+c6oiElKMh+tivIDNW39/roNCfmhpex52hxRtRxh7N3\nxl4GPqlhquyl+yav7lrFZOgDsegR64gBPjkkn0e2JnTnJNDgKa9Kg/PhMNfymF2F\nk+t0/V/rl0w3Yv6wyWzG1b3Uwu0ermWBOmVfM39DfbGaTdXn9EIZW4YtuEAM6tcX\nljuc39qmE5yg6YHKmGyP8ms0lSIEK58NyAK3Aid/aip3RAuXMCE=\n=+OmT\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021210"
},
{
"db": "VULHUB",
"id": "VHN-390705"
},
{
"db": "VULMON",
"id": "CVE-2021-30972"
},
{
"db": "PACKETSTORM",
"id": "165774"
},
{
"db": "PACKETSTORM",
"id": "165773"
}
],
"trust": 1.98
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-390705",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390705"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30972",
"trust": 3.6
},
{
"db": "PACKETSTORM",
"id": "165774",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021210",
"trust": 0.8
},
{
"db": "CS-HELP",
"id": "SB2022012634",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2022.0400",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2076",
"trust": 0.6
},
{
"db": "PACKETSTORM",
"id": "165773",
"trust": 0.2
},
{
"db": "VULHUB",
"id": "VHN-390705",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30972",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390705"
},
{
"db": "VULMON",
"id": "CVE-2021-30972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021210"
},
{
"db": "PACKETSTORM",
"id": "165774"
},
{
"db": "PACKETSTORM",
"id": "165773"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2076"
},
{
"db": "NVD",
"id": "CVE-2021-30972"
}
]
},
"id": "VAR-202108-1287",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390705"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:44:28.107000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT213056 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT213055"
},
{
"title": "Apple macOS Big Sur Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=186814"
},
{
"title": "",
"trust": 0.1,
"url": "https://github.com/another1024/another1024 "
}
],
"sources": [
{
"db": "VULMON",
"id": "CVE-2021-30972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021210"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2076"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "CWE-863",
"trust": 1.1
},
{
"problemtype": "Illegal authentication (CWE-863) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390705"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021210"
},
{
"db": "NVD",
"id": "CVE-2021-30972"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.4,
"url": "https://support.apple.com/en-us/ht213055"
},
{
"trust": 1.8,
"url": "https://support.apple.com/kb/ht212978"
},
{
"trust": 1.8,
"url": "https://support.apple.com/en-us/ht213056"
},
{
"trust": 1.0,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30972"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2022.0400"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/165774/apple-security-advisory-2022-01-26-4.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2022012634"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-37394"
},
{
"trust": 0.2,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.2,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22593"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22579"
},
{
"trust": 0.2,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22583"
},
{
"trust": 0.1,
"url": "https://cwe.mitre.org/data/definitions/863.html"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://github.com/another1024/another1024"
},
{
"trust": 0.1,
"url": "http://seclists.org/fulldisclosure/2022/jan/80"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213056."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30946"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30960"
},
{
"trust": 0.1,
"url": "https://xlab.tencent.com)"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22587"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2022-22585"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht213055."
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390705"
},
{
"db": "VULMON",
"id": "CVE-2021-30972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021210"
},
{
"db": "PACKETSTORM",
"id": "165774"
},
{
"db": "PACKETSTORM",
"id": "165773"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2076"
},
{
"db": "NVD",
"id": "CVE-2021-30972"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390705"
},
{
"db": "VULMON",
"id": "CVE-2021-30972"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-021210"
},
{
"db": "PACKETSTORM",
"id": "165774"
},
{
"db": "PACKETSTORM",
"id": "165773"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2076"
},
{
"db": "NVD",
"id": "CVE-2021-30972"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390705"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30972"
},
{
"date": "2024-07-18T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-021210"
},
{
"date": "2022-01-31T15:46:38",
"db": "PACKETSTORM",
"id": "165774"
},
{
"date": "2022-01-31T15:46:23",
"db": "PACKETSTORM",
"id": "165773"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2076"
},
{
"date": "2021-08-24T19:15:22.953000",
"db": "NVD",
"id": "CVE-2021-30972"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-08T00:00:00",
"db": "VULHUB",
"id": "VHN-390705"
},
{
"date": "2022-10-08T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30972"
},
{
"date": "2024-07-18T08:19:00",
"db": "JVNDB",
"id": "JVNDB-2021-021210"
},
{
"date": "2022-05-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2076"
},
{
"date": "2023-11-07T03:34:08.170000",
"db": "NVD",
"id": "CVE-2021-30972"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2076"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0Apple\u00a0Mac\u00a0OS\u00a0X\u00a0 and \u00a0macOS\u00a0 Fraud related to unauthorized authentication in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-021210"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2076"
}
],
"trust": 0.6
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.
Loading…
Loading…