var-202108-2082
Vulnerability from variot
The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.1. An unprivileged application may be able to edit NVRAM variables. apple's Apple Mac OS X and macOS Exists in unspecified vulnerabilities.Information may be tampered with. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none. Information about the security content is also available at https://support.apple.com/HT212872.
AppleScript Available for: macOS Big Sur Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30876: Jeremy Brown, hjy79425575 CVE-2021-30879: Jeremy Brown, hjy79425575 CVE-2021-30877: Jeremy Brown CVE-2021-30880: Jeremy Brown
Audio Available for: macOS Big Sur Impact: A malicious application may be able to elevate privileges Description: An integer overflow was addressed through improved input validation. CVE-2021-30907: Zweig of Kunlun Lab
Bluetooth Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved state handling. CVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America
ColorSync Available for: macOS Big Sur Impact: Processing a maliciously crafted image may lead to arbitrary code execution Description: A memory corruption issue existed in the processing of ICC profiles. CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero
CoreGraphics Available for: macOS Big Sur Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution Description: An out-of-bounds write was addressed with improved input validation. CVE-2021-30919
FileProvider Available for: macOS Big Sur Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution Description: An input validation issue was addressed with improved memory handling. CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360
iCloud Available for: macOS Big Sur Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks. CVE-2021-30906: Cees Elzinga
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved state management. CVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto
Intel Graphics Driver Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: Multiple out-of-bounds write issues were addressed with improved bounds checking. CVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong Lab, Yinyi Wu (@3ndy1), Jack Dates of RET2 Systems, Inc.
IOGraphics Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video Communications
IOMobileFrameBuffer Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. CVE-2021-30883: an anonymous researcher
Kernel Available for: macOS Big Sur Impact: An application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30909: Zweig of Kunlun Lab
Kernel Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A memory corruption issue was addressed with improved memory handling. CVE-2021-30916: Zweig of Kunlun Lab
Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted file may disclose user information Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro
Model I/O Available for: macOS Big Sur Impact: Processing a maliciously crafted USD file may disclose memory contents Description: An out-of-bounds read was addressed with improved bounds checking. CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab
SMB Available for: macOS Big Sur Impact: A malicious application may be able to execute arbitrary code with kernel privileges Description: A race condition was addressed with improved locking. CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs
SoftwareUpdate Available for: macOS Big Sur Impact: An unprivileged application may be able to edit NVRAM variables Description: The issue was addressed with improved permissions logic. CVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
SoftwareUpdate Available for: macOS Big Sur Impact: A malicious application may gain access to a user's Keychain items Description: The issue was addressed with improved permissions logic. CVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent Security Xuanwu Lab
UIKit Available for: macOS Big Sur Impact: A person with physical access to an iOS device may be able to determine characteristics of a user's password in a secure text entry field Description: A logic issue was addressed with improved state management. CVE-2021-30915: Kostas Angelopoulos
Windows Server Available for: macOS Big Sur Impact: A local attacker may be able to view the previous logged-in user’s desktop from the fast user switching screen Description: An authentication issue was addressed with improved state management. CVE-2021-30908: ASentientBot
zsh Available for: macOS Big Sur Impact: A malicious application may be able to modify protected parts of the file system Description: An inherited permissions issue was addressed with additional restrictions. CVE-2021-30892: Jonathan Bar Or of Microsoft
Additional recognition
iCloud We would like to acknowledge Ryan Pickren (ryanpickren.com) for their assistance.
Installation note: This update may be obtained from the Mac App Store
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
Information will also be posted to the Apple Security Updates web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key, and details are available at: https://www.apple.com/support/security/pgp/
-----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hqoACgkQeC9qKD1p rhjexhAAtR/7FXVHWotw6RoCYu2agcJCed2Jnnf47+RKSptNEqvMwaknr2eQBUKb 1PQ0vVS3vLGALM73r8Kg1VcxQYTb27uVc1KCkTLIsMHsGLHmH+ZWEVS/ZwfS3nnY fLxemzNKTYc21935GT8Uvx6pEENh7Tfu+j/arZ4nbhtE04Ggbgxhv78k4wdlLbLI Z25whdX8EResx9Rh9mRBa/WDvqNfTkXEkjIAf2ge0H9MzzW/wB5UdUOwG/B9zUOi 9S21Xn+QUhIpyaeZ0tUKHJs2g5L3bJtKuXyO5Msd2kkO2942o4ONMiXe7loSEowf POz/D9Y465T65LFJgTMjwObx716u9JdMlyxr9UIVI2TnQE3WHs6y/jHv1Pz8q5nV k5o//Fdcp4YHeOdoumGN+o/PvxxQ0XEunVT26msMuntcK4hywOFneufxixVDQFf1 4nP+0JGX+PGfqg5uBNJOi3nJwvjTqA6YtDBEbXBcV5WOCPOPzDTzxeXIp4WxyxH5 UKO5ne2XH2T6O0Vde4enAIXVWAhBMUha8FrHdPYEfWphsYgI7+vYuCYZORHPz6Zf Yf9svUpqb2u0gDs2iibi0GANw+3vzOaDOV3y4HKighI8xzs8m6+YNyOkcbEPPLyQ 7T5tzulHTMJczutLmpiiFDmIoKE3+s5PGmzrlM1qWUGrfpv+ReY= =XZJU -----END PGP SIGNATURE-----
Show details on source website{
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/VARIoTentry#",
"affected_products": {
"@id": "https://www.variotdbs.pl/ref/affected_products"
},
"configurations": {
"@id": "https://www.variotdbs.pl/ref/configurations"
},
"credits": {
"@id": "https://www.variotdbs.pl/ref/credits"
},
"cvss": {
"@id": "https://www.variotdbs.pl/ref/cvss/"
},
"description": {
"@id": "https://www.variotdbs.pl/ref/description/"
},
"exploit_availability": {
"@id": "https://www.variotdbs.pl/ref/exploit_availability/"
},
"external_ids": {
"@id": "https://www.variotdbs.pl/ref/external_ids/"
},
"iot": {
"@id": "https://www.variotdbs.pl/ref/iot/"
},
"iot_taxonomy": {
"@id": "https://www.variotdbs.pl/ref/iot_taxonomy/"
},
"patch": {
"@id": "https://www.variotdbs.pl/ref/patch/"
},
"problemtype_data": {
"@id": "https://www.variotdbs.pl/ref/problemtype_data/"
},
"references": {
"@id": "https://www.variotdbs.pl/ref/references/"
},
"sources": {
"@id": "https://www.variotdbs.pl/ref/sources/"
},
"sources_release_date": {
"@id": "https://www.variotdbs.pl/ref/sources_release_date/"
},
"sources_update_date": {
"@id": "https://www.variotdbs.pl/ref/sources_update_date/"
},
"threat_type": {
"@id": "https://www.variotdbs.pl/ref/threat_type/"
},
"title": {
"@id": "https://www.variotdbs.pl/ref/title/"
},
"type": {
"@id": "https://www.variotdbs.pl/ref/type/"
}
},
"@id": "https://www.variotdbs.pl/vuln/VAR-202108-2082",
"affected_products": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/affected_products#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"model": "mac os x",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "10.15"
},
{
"model": "macos",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "12.0"
},
{
"model": "mac os x",
"scope": "eq",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "macos",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "11.6.1"
},
{
"model": "macos",
"scope": "gte",
"trust": 1.0,
"vendor": "apple",
"version": "11.0"
},
{
"model": "mac os x",
"scope": "lt",
"trust": 1.0,
"vendor": "apple",
"version": "10.15.7"
},
{
"model": "apple mac os x",
"scope": null,
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": null
},
{
"model": "macos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "11.0 that\u0027s all 11.6.1"
},
{
"model": "macos",
"scope": "eq",
"trust": 0.8,
"vendor": "\u30a2\u30c3\u30d7\u30eb",
"version": "12.0"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020960"
},
{
"db": "NVD",
"id": "CVE-2021-30913"
}
]
},
"credits": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/credits#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "Apple",
"sources": [
{
"db": "PACKETSTORM",
"id": "164673"
}
],
"trust": 0.1
},
"cve": "CVE-2021-30913",
"cvss": {
"@context": {
"cvssV2": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV2#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV2"
},
"cvssV3": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/cvss/cvssV3#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/cvssV3/"
},
"severity": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/cvss/severity#"
},
"@id": "https://www.variotdbs.pl/ref/cvss/severity"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
},
"@id": "https://www.variotdbs.pl/ref/sources"
}
},
"data": [
{
"cvssV2": [
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "CVE-2021-30913",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 1.8,
"vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
"version": "2.0"
},
{
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"author": "VULHUB",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"exploitabilityScore": 8.6,
"id": "VHN-390646",
"impactScore": 2.9,
"integrityImpact": "PARTIAL",
"severity": "MEDIUM",
"trust": 0.1,
"vectorString": "AV:N/AC:M/AU:N/C:N/I:P/A:N",
"version": "2.0"
}
],
"cvssV3": [
{
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"author": "nvd@nist.gov",
"availabilityImpact": "NONE",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"exploitabilityScore": 1.8,
"id": "CVE-2021-30913",
"impactScore": 3.6,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"trust": 1.0,
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.1"
},
{
"attackComplexity": "Low",
"attackVector": "Local",
"author": "NVD",
"availabilityImpact": "None",
"baseScore": 5.5,
"baseSeverity": "Medium",
"confidentialityImpact": "None",
"exploitabilityScore": null,
"id": "CVE-2021-30913",
"impactScore": null,
"integrityImpact": "High",
"privilegesRequired": "None",
"scope": "Unchanged",
"trust": 0.8,
"userInteraction": "Required",
"vectorString": "CVSS:3.0/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N",
"version": "3.0"
}
],
"severity": [
{
"author": "nvd@nist.gov",
"id": "CVE-2021-30913",
"trust": 1.0,
"value": "MEDIUM"
},
{
"author": "NVD",
"id": "CVE-2021-30913",
"trust": 0.8,
"value": "Medium"
},
{
"author": "CNNVD",
"id": "CNNVD-202108-2005",
"trust": 0.6,
"value": "MEDIUM"
},
{
"author": "VULHUB",
"id": "VHN-390646",
"trust": 0.1,
"value": "MEDIUM"
}
]
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390646"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020960"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2005"
},
{
"db": "NVD",
"id": "CVE-2021-30913"
}
]
},
"description": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/description#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.1. An unprivileged application may be able to edit NVRAM variables. apple\u0027s Apple Mac OS X and macOS Exists in unspecified vulnerabilities.Information may be tampered with. ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by the CVE program. Notes: none. \nInformation about the security content is also available at\nhttps://support.apple.com/HT212872. \n\nAppleScript\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted AppleScript binary may\nresult in unexpected application termination or disclosure of process\nmemory\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30876: Jeremy Brown, hjy79425575\nCVE-2021-30879: Jeremy Brown, hjy79425575\nCVE-2021-30877: Jeremy Brown\nCVE-2021-30880: Jeremy Brown\n\nAudio\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to elevate privileges\nDescription: An integer overflow was addressed through improved input\nvalidation. \nCVE-2021-30907: Zweig of Kunlun Lab\n\nBluetooth\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved state\nhandling. \nCVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC\nRiverside, and Yu Wang of Didi Research America\n\nColorSync\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted image may lead to arbitrary\ncode execution\nDescription: A memory corruption issue existed in the processing of\nICC profiles. \nCVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google\nProject Zero\n\nCoreGraphics\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted PDF may lead to arbitrary\ncode execution\nDescription: An out-of-bounds write was addressed with improved input\nvalidation. \nCVE-2021-30919\n\nFileProvider\nAvailable for: macOS Big Sur\nImpact: Unpacking a maliciously crafted archive may lead to arbitrary\ncode execution\nDescription: An input validation issue was addressed with improved\nmemory handling. \nCVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab\nof Qihoo 360\n\niCloud\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to elevate their privileges\nDescription: This issue was addressed with improved checks. \nCVE-2021-30906: Cees Elzinga\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nstate management. \nCVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto\n\nIntel Graphics Driver\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: Multiple out-of-bounds write issues were addressed with\nimproved bounds checking. \nCVE-2021-30901: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong\nLab, Yinyi Wu (@3ndy1), Jack Dates of RET2 Systems, Inc. \n\nIOGraphics\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video\nCommunications\n\nIOMobileFrameBuffer\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges. Apple is aware of a report that this issue may\nhave been actively exploited. \nCVE-2021-30883: an anonymous researcher\n\nKernel\nAvailable for: macOS Big Sur\nImpact: An application may be able to execute arbitrary code with\nkernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30909: Zweig of Kunlun Lab\n\nKernel\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A memory corruption issue was addressed with improved\nmemory handling. \nCVE-2021-30916: Zweig of Kunlun Lab\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted file may disclose user\ninformation\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro\n\nModel I/O\nAvailable for: macOS Big Sur\nImpact: Processing a maliciously crafted USD file may disclose memory\ncontents\nDescription: An out-of-bounds read was addressed with improved bounds\nchecking. \nCVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year\nLab\n\nSMB\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to execute arbitrary code\nwith kernel privileges\nDescription: A race condition was addressed with improved locking. \nCVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs\n\nSoftwareUpdate\nAvailable for: macOS Big Sur\nImpact: An unprivileged application may be able to edit NVRAM\nvariables\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent\nSecurity Xuanwu Lab\n\nSoftwareUpdate\nAvailable for: macOS Big Sur\nImpact: A malicious application may gain access to a user\u0027s Keychain\nitems\nDescription: The issue was addressed with improved permissions logic. \nCVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz__) of Tencent\nSecurity Xuanwu Lab\n\nUIKit\nAvailable for: macOS Big Sur\nImpact: A person with physical access to an iOS device may be able to\ndetermine characteristics of a user\u0027s password in a secure text entry\nfield\nDescription: A logic issue was addressed with improved state\nmanagement. \nCVE-2021-30915: Kostas Angelopoulos\n\nWindows Server\nAvailable for: macOS Big Sur\nImpact: A local attacker may be able to view the previous logged-in\nuser\u2019s desktop from the fast user switching screen\nDescription: An authentication issue was addressed with improved\nstate management. \nCVE-2021-30908: ASentientBot\n\nzsh\nAvailable for: macOS Big Sur\nImpact: A malicious application may be able to modify protected parts\nof the file system\nDescription: An inherited permissions issue was addressed with\nadditional restrictions. \nCVE-2021-30892: Jonathan Bar Or of Microsoft\n\nAdditional recognition\n\niCloud\nWe would like to acknowledge Ryan Pickren (ryanpickren.com) for their\nassistance. \n\nInstallation note:\nThis update may be obtained from the Mac App Store\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\nInformation will also be posted to the Apple Security Updates\nweb site: https://support.apple.com/kb/HT201222\n\nThis message is signed with Apple\u0027s Product Security PGP key,\nand details are available at:\nhttps://www.apple.com/support/security/pgp/\n\n-----BEGIN PGP SIGNATURE-----\n\niQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hqoACgkQeC9qKD1p\nrhjexhAAtR/7FXVHWotw6RoCYu2agcJCed2Jnnf47+RKSptNEqvMwaknr2eQBUKb\n1PQ0vVS3vLGALM73r8Kg1VcxQYTb27uVc1KCkTLIsMHsGLHmH+ZWEVS/ZwfS3nnY\nfLxemzNKTYc21935GT8Uvx6pEENh7Tfu+j/arZ4nbhtE04Ggbgxhv78k4wdlLbLI\nZ25whdX8EResx9Rh9mRBa/WDvqNfTkXEkjIAf2ge0H9MzzW/wB5UdUOwG/B9zUOi\n9S21Xn+QUhIpyaeZ0tUKHJs2g5L3bJtKuXyO5Msd2kkO2942o4ONMiXe7loSEowf\nPOz/D9Y465T65LFJgTMjwObx716u9JdMlyxr9UIVI2TnQE3WHs6y/jHv1Pz8q5nV\nk5o//Fdcp4YHeOdoumGN+o/PvxxQ0XEunVT26msMuntcK4hywOFneufxixVDQFf1\n4nP+0JGX+PGfqg5uBNJOi3nJwvjTqA6YtDBEbXBcV5WOCPOPzDTzxeXIp4WxyxH5\nUKO5ne2XH2T6O0Vde4enAIXVWAhBMUha8FrHdPYEfWphsYgI7+vYuCYZORHPz6Zf\nYf9svUpqb2u0gDs2iibi0GANw+3vzOaDOV3y4HKighI8xzs8m6+YNyOkcbEPPLyQ\n7T5tzulHTMJczutLmpiiFDmIoKE3+s5PGmzrlM1qWUGrfpv+ReY=\n=XZJU\n-----END PGP SIGNATURE-----\n\n\n",
"sources": [
{
"db": "NVD",
"id": "CVE-2021-30913"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020960"
},
{
"db": "VULHUB",
"id": "VHN-390646"
},
{
"db": "VULMON",
"id": "CVE-2021-30913"
},
{
"db": "PACKETSTORM",
"id": "164673"
}
],
"trust": 1.89
},
"exploit_availability": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/exploit_availability#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"reference": "https://www.scap.org.cn/vuln/vhn-390646",
"trust": 0.1,
"type": "unknown"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390646"
}
]
},
"external_ids": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/external_ids#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"db": "NVD",
"id": "CVE-2021-30913",
"trust": 3.5
},
{
"db": "PACKETSTORM",
"id": "164673",
"trust": 0.8
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020960",
"trust": 0.8
},
{
"db": "AUSCERT",
"id": "ESB-2021.3560",
"trust": 0.6
},
{
"db": "AUSCERT",
"id": "ESB-2021.3563",
"trust": 0.6
},
{
"db": "CS-HELP",
"id": "SB2021102711",
"trust": 0.6
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2005",
"trust": 0.6
},
{
"db": "VULHUB",
"id": "VHN-390646",
"trust": 0.1
},
{
"db": "VULMON",
"id": "CVE-2021-30913",
"trust": 0.1
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390646"
},
{
"db": "VULMON",
"id": "CVE-2021-30913"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020960"
},
{
"db": "PACKETSTORM",
"id": "164673"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2005"
},
{
"db": "NVD",
"id": "CVE-2021-30913"
}
]
},
"id": "VAR-202108-2082",
"iot": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/iot#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": true,
"sources": [
{
"db": "VULHUB",
"id": "VHN-390646"
}
],
"trust": 0.01
},
"last_update_date": "2024-08-14T12:05:47.859000Z",
"patch": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/patch#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"title": "HT212869 Apple\u00a0 Security update",
"trust": 0.8,
"url": "https://support.apple.com/en-us/HT212869"
},
{
"title": "Apple macOS Big Sur Fixes for permissions and access control issues vulnerabilities",
"trust": 0.6,
"url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=168184"
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020960"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2005"
}
]
},
"problemtype_data": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/problemtype_data#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"problemtype": "NVD-CWE-noinfo",
"trust": 1.0
},
{
"problemtype": "Lack of information (CWE-noinfo) [NVD evaluation ]",
"trust": 0.8
}
],
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020960"
},
{
"db": "NVD",
"id": "CVE-2021-30913"
}
]
},
"references": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/references#",
"data": {
"@container": "@list"
},
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": [
{
"trust": 2.5,
"url": "https://support.apple.com/kb/ht212871"
},
{
"trust": 2.3,
"url": "https://support.apple.com/en-us/ht212872"
},
{
"trust": 1.7,
"url": "https://support.apple.com/en-us/ht212869"
},
{
"trust": 0.9,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30913"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3563"
},
{
"trust": 0.6,
"url": "https://vigilance.fr/vulnerability/apple-macos-multiple-vulnerabilities-36718"
},
{
"trust": 0.6,
"url": "https://www.auscert.org.au/bulletins/esb-2021.3560"
},
{
"trust": 0.6,
"url": "https://support.apple.com/ht212872"
},
{
"trust": 0.6,
"url": "https://packetstormsecurity.com/files/164673/apple-security-advisory-2021-10-26-4.html"
},
{
"trust": 0.6,
"url": "https://www.cybersecurity-help.cz/vdb/sb2021102711"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30906"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30919"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30899"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30915"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30907"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30916"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30912"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30876"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30908"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30879"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30909"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30883"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30910"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30868"
},
{
"trust": 0.1,
"url": "https://www.apple.com/support/security/pgp/"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30877"
},
{
"trust": 0.1,
"url": "https://support.apple.com/ht212872."
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30892"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30917"
},
{
"trust": 0.1,
"url": "https://support.apple.com/kb/ht201222"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30880"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30824"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30881"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30911"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30821"
},
{
"trust": 0.1,
"url": "https://nvd.nist.gov/vuln/detail/cve-2021-30901"
}
],
"sources": [
{
"db": "VULHUB",
"id": "VHN-390646"
},
{
"db": "VULMON",
"id": "CVE-2021-30913"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020960"
},
{
"db": "PACKETSTORM",
"id": "164673"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2005"
},
{
"db": "NVD",
"id": "CVE-2021-30913"
}
]
},
"sources": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#",
"data": {
"@container": "@list"
}
},
"data": [
{
"db": "VULHUB",
"id": "VHN-390646"
},
{
"db": "VULMON",
"id": "CVE-2021-30913"
},
{
"db": "JVNDB",
"id": "JVNDB-2021-020960"
},
{
"db": "PACKETSTORM",
"id": "164673"
},
{
"db": "CNNVD",
"id": "CNNVD-202108-2005"
},
{
"db": "NVD",
"id": "CVE-2021-30913"
}
]
},
"sources_release_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_release_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2021-08-24T00:00:00",
"db": "VULHUB",
"id": "VHN-390646"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30913"
},
{
"date": "2024-07-17T00:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020960"
},
{
"date": "2021-10-28T14:41:31",
"db": "PACKETSTORM",
"id": "164673"
},
{
"date": "2021-08-24T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2005"
},
{
"date": "2021-08-24T19:15:19.113000",
"db": "NVD",
"id": "CVE-2021-30913"
}
]
},
"sources_update_date": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources_update_date#",
"data": {
"@container": "@list"
}
},
"data": [
{
"date": "2022-10-11T00:00:00",
"db": "VULHUB",
"id": "VHN-390646"
},
{
"date": "2021-08-24T00:00:00",
"db": "VULMON",
"id": "CVE-2021-30913"
},
{
"date": "2024-07-17T01:00:00",
"db": "JVNDB",
"id": "JVNDB-2021-020960"
},
{
"date": "2022-05-30T00:00:00",
"db": "CNNVD",
"id": "CNNVD-202108-2005"
},
{
"date": "2023-11-07T03:33:49.897000",
"db": "NVD",
"id": "CVE-2021-30913"
}
]
},
"threat_type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/threat_type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "local",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2005"
}
],
"trust": 0.6
},
"title": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/title#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "apple\u0027s \u00a0Apple\u00a0Mac\u00a0OS\u00a0X\u00a0 and \u00a0macOS\u00a0 Vulnerability in",
"sources": [
{
"db": "JVNDB",
"id": "JVNDB-2021-020960"
}
],
"trust": 0.8
},
"type": {
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/type#",
"sources": {
"@container": "@list",
"@context": {
"@vocab": "https://www.variotdbs.pl/ref/sources#"
}
}
},
"data": "permissions and access control issues",
"sources": [
{
"db": "CNNVD",
"id": "CNNVD-202108-2005"
}
],
"trust": 0.6
}
}
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.