CVE-2021-30966: About the security content of watchOS 8.3

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly be leaked to a proxy server despite PAC configurations.

Released December 13, 2021

Audio

Available for: Apple Watch Series 3 and later

Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab

CFNetwork Proxies

Available for: Apple Watch Series 3 and later

Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations

Description: A logic issue was addressed with improved state management.

CVE-2021-30966: Michal Rajcan of Jamf, Matt Vlasach of Jamf (Wandera)

ColorSync

Available for: Apple Watch Series 3 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation.

CVE-2021-30926: Jeremy Brown

CVE-2021-30942: Mateusz Jurczyk of Google Project Zero

CoreAudio

Available for: Apple Watch Series 3 and later

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab

CoreAudio

Available for: Apple Watch Series 3 and later

Impact: Playing a malicious audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab

Crash Reporter

Available for: Apple Watch Series 3 and later

Impact: A local attacker may be able to elevate their privileges

Description: This issue was addressed with improved checks.

CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

ImageIO

Available for: Apple Watch Series 3 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro

Kernel

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30916: Zweig of Kunlun Lab

Kernel

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2021-30937: Sergei Glazunov of Google Project Zero

Kernel

Available for: Apple Watch Series 3 and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30927: Xinru Chi of Pangu Lab

CVE-2021-30980: Xinru Chi of Pangu Lab

Kernel

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30949: Ian Beer of Google Project Zero

Kernel

Available for: Apple Watch Series 3 and later

Impact: An attacker in a privileged network position may be able to execute arbitrary code

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero

Kernel

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30955: Zweig of Kunlun Lab

Preferences

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to elevate privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)

Sandbox

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions.

CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security

Sandbox

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30946: @gorelics

Sandbox

Available for: Apple Watch Series 3 and later

Impact: An application may be able to access a user’s files

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security

TCC

Available for: Apple Watch Series 3 and later

Impact: A local user may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved state management.

CVE-2021-30767: @gorelics

TCC

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to bypass Privacy preferences

Description: An inherited permissions issue was addressed with additional restrictions.

CVE-2021-30964: Andy Grant of Zoom Video Communications

WebKit

Available for: Apple Watch Series 3 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30934: Dani Biro

WebKit

Available for: Apple Watch Series 3 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30936: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

CVE-2021-30951: Pangu

WebKit

Available for: Apple Watch Series 3 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An integer overflow was addressed with improved input validation.

CVE-2021-30952: WeBin

WebKit

Available for: Apple Watch Series 3 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A race condition was addressed with improved state handling.

CVE-2021-30984: Kunlun Lab

WebKit

Available for: Apple Watch Series 3 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30953: VRIJ

WebKit

Available for: Apple Watch Series 3 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved memory handling.

CVE-2021-30954: Kunlun Lab
