Rewterz Threat Advisory – CVE-2021-4104 – Apache Log4j Vulnerability
December 14, 2021Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities
December 14, 2021Rewterz Threat Advisory – CVE-2021-4104 – Apache Log4j Vulnerability
December 14, 2021Rewterz Threat Advisory – Multiple Google Chrome Vulnerabilities
December 14, 2021Severity
High
Analysis Summary
CVE-2021-30964
Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by an inherited permissions issue in the TCC component. By using a specially-crafted application, an attacker could exploit this vulnerability to bypass Privacy preferences.
CVE-2021-30767
Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by a logic issue in the TCC component. By using a specially-crafted application, an attacker could exploit this vulnerability to modify protected parts of the file system.
CVE-2021-30946
Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by a logic issue in the Sandbox component. By using a specially-crafted application, an attacker could exploit this vulnerability to bypass Privacy preferences.
CVE-2021-30968
Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by a validation issue related to hard link behavior in the Sandbox component. By using a specially-crafted application, an attacker could exploit this vulnerability to bypass Privacy preferences.
CVE-2021-30947
Apple iOS and iPadOS could allow a local attacker to obtain sensitive information, caused by an access issue in the Sandbox component. By using a specially-crafted application, an attacker could exploit this vulnerability to access a user’s files.
CVE-2021-30948
Apple iOS and iPadOS could allow a physical attacker to obtain sensitive information, caused by an inconsistent user interface issue in the Password Manager component. By using a specially-crafted application, an attacker could exploit this vulnerability to access stored passwords without authentication.
CVE-2021-30932
Apple iOS and iPadOS could allow a physical attacker to obtain sensitive information, caused by an issue in the Notes component. By using a specially-crafted application, an attacker could exploit this vulnerability to access contacts from the lock screen.
CVE-2021-30988
Apple iOS and iPadOS could allow a physical attacker to obtain sensitive information, caused by an issue in the NetworkExtension component. By using a specially-crafted application, an attacker could exploit this vulnerability to identify what other applications a user has installed.
CVE-2021-30967
Apple iOS and iPadOS could allow a local attacker to obtain sensitive information, caused by a permissions issue in the NetworkExtension component. By using a specially-crafted application, an attacker could exploit this vulnerability to read sensitive information.
CVE-2021-30929
Apple iOS and iPadOS could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds write issue in the Model I/O component. By persuading a victim to open a specially-crafted USD file, an attacker could exploit this vulnerability to disclose memory contents.
CVE-2021-30973
Apple iOS and iPadOS could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the Model I/O component. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to disclose user information.
CVE-2021-30992
Apple iOS and iPadOS could allow a local attacker to obtain sensitive information, caused by an issue in the FaceTime component. By using a specially-crafted application, an attacker could exploit this vulnerability to eak sensitive user information through Live Photos metadata.
CVE-2021-30966
Apple iOS and iPadOS could allow a local attacker to obtain sensitive information, caused by a logic issue in the CFNetwork Proxies component. By using a specially-crafted application, an attacker could exploit this vulnerability to disclose user traffic.
CVE-2021-30960
Apple iOS and iPadOS could allow a remote attacker to obtain sensitive information, caused by a buffer overflow issue in the Audio component. By persuading a victim to open a specially-crafted audio file, an attacker could exploit this vulnerability to obtain sensitive information.
CVE-2021-30954
Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in the WebKit component. By persuading a victim to open a specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-30953
Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the WebKit component. By persuading a victim to open a specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-30984
Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a race condition in the WebKit component. By persuading a victim to open a specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-30952
Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the WebKit component. By persuading a victim to open a specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-30951
Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebKit component. By persuading a victim to open a specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-30934
Apple iOS and iPadOS are vulnerable to a buffer overflow, caused by improper bounds checking by the WebKit component. By persuading a victim to open a specially-crafted web content, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2021-30934
Apple iOS and iPadOS are vulnerable to a buffer overflow, caused by improper bounds checking by the WebKit component. By persuading a victim to open a specially-crafted web content, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2021-30936
Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebKit component. By persuading a victim to open a specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-30941
Apple iOS and iPadOS could allow a remote attacker to obtain sensitive information, caused by a buffer overflow issue in the Model I/O component. By persuading a victim to open a specially-crafted USD file, an attacker could exploit this vulnerability to disclose memory contents.
CVE-2021-30979
Apple iOS and iPadOS are vulnerable to a buffer overflow, caused by improper bounds checking by the Model I/O component. By persuading a victim to open a specially crafted USD file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2021-30971
Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the Model I/O component. By persuading a victim to open a specially crafted USD file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-30939
Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the ImageIO component. By persuading a victim to open a specially crafted image file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-30957
Apple iOS and iPadOS are vulnerable to a buffer overflow, caused by improper bounds checking by the CoreAudio component. By persuading a victim to open a specially crafted audio file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.
CVE-2021-30942
Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption issue in the processing of ICC profiles in the ColorSync component. By persuading a victim to open a specially crafted image file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-30926
Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption issue in the processing of ICC profiles in the ColorSync component. By persuading a victim to open a specially crafted image file, an attacker could exploit this vulnerability to execute arbitrary code on the system.
CVE-2021-30995
Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a race condition in the Preferences component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.
CVE-2021-30955
Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a race condition in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.
CVE-2021-30949
Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a memory corruption in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.
CVE-2021-30980
Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.
CVE-2021-30927
Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.
CVE-2021-30937
Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a memory corruption in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.
CVE-2021-30991
Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds read in the IOMobileFrameBuffer component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.
CVE-2021-30985
Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write in the IOMobileFrameBuffer component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.
CVE-2021-30983
Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a buffer overflow in the IOMobileFrameBuffer component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.
CVE-2021-30996
Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a race condition in the IOMobileFrameBuffer component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.
Impact
- Security Bypass
- Information Disclosure
- Code Execution
- Buffer Overflow
- Privilege Escalation
Affected Vendors
- Apple
Affected Products
- Apple iOS 15.1
- Apple iPadOS 15.1
Remediation
Refer to Apple security document for patch, upgrade or suggested workaround information.