Rewterz Threat Advisory – Multiple Apple iOS and iPadOS Vulnerabilities

Severity

High

Analysis Summary

CVE-2021-30964 

Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by an inherited permissions issue in the TCC component. By using a specially-crafted application, an attacker could exploit this vulnerability to bypass Privacy preferences.

CVE-2021-30767 

Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by a logic issue in the TCC component. By using a specially-crafted application, an attacker could exploit this vulnerability to modify protected parts of the file system.

CVE-2021-30946 

Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by a logic issue in the Sandbox component. By using a specially-crafted application, an attacker could exploit this vulnerability to bypass Privacy preferences.

CVE-2021-30968 

Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by a validation issue related to hard link behavior in the Sandbox component. By using a specially-crafted application, an attacker could exploit this vulnerability to bypass Privacy preferences.

CVE-2021-30947 

Apple iOS and iPadOS could allow a local attacker to obtain sensitive information, caused by an access issue in the Sandbox component. By using a specially-crafted application, an attacker could exploit this vulnerability to access a user’s files.

CVE-2021-30948 

Apple iOS and iPadOS could allow a physical attacker to obtain sensitive information, caused by an inconsistent user interface issue in the Password Manager component. By using a specially-crafted application, an attacker could exploit this vulnerability to access stored passwords without authentication.

CVE-2021-30932 

Apple iOS and iPadOS could allow a physical attacker to obtain sensitive information, caused by an issue in the Notes component. By using a specially-crafted application, an attacker could exploit this vulnerability to access contacts from the lock screen.

CVE-2021-30988 

Apple iOS and iPadOS could allow a physical attacker to obtain sensitive information, caused by an issue in the NetworkExtension component. By using a specially-crafted application, an attacker could exploit this vulnerability to identify what other applications a user has installed.

CVE-2021-30967 

Apple iOS and iPadOS could allow a local attacker to obtain sensitive information, caused by a permissions issue in the NetworkExtension component. By using a specially-crafted application, an attacker could exploit this vulnerability to read sensitive information.

CVE-2021-30929 

Apple iOS and iPadOS could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds write issue in the Model I/O component. By persuading a victim to open a specially-crafted USD file, an attacker could exploit this vulnerability to disclose memory contents.

CVE-2021-30973 

Apple iOS and iPadOS could allow a remote attacker to obtain sensitive information, caused by an out-of-bounds read in the Model I/O component. By persuading a victim to open a specially-crafted file, an attacker could exploit this vulnerability to disclose user information.

CVE-2021-30992 

Apple iOS and iPadOS could allow a local attacker to obtain sensitive information, caused by an issue in the FaceTime component. By using a specially-crafted application, an attacker could exploit this vulnerability to eak sensitive user information through Live Photos metadata.

CVE-2021-30966 

Apple iOS and iPadOS could allow a local attacker to obtain sensitive information, caused by a logic issue in the CFNetwork Proxies component. By using a specially-crafted application, an attacker could exploit this vulnerability to disclose user traffic.

CVE-2021-30960 

Apple iOS and iPadOS could allow a remote attacker to obtain sensitive information, caused by a buffer overflow issue in the Audio component. By persuading a victim to open a specially-crafted audio file, an attacker could exploit this vulnerability to obtain sensitive information.

CVE-2021-30954 

Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a type confusion in the WebKit component. By persuading a victim to open a specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-30953 

Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the WebKit component. By persuading a victim to open a specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-30984 

Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a race condition in the WebKit component. By persuading a victim to open a specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-30952 

Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by an integer overflow in the WebKit component. By persuading a victim to open a specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-30951 

Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebKit component. By persuading a victim to open a specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-30934 

Apple iOS and iPadOS are vulnerable to a buffer overflow, caused by improper bounds checking by the WebKit component. By persuading a victim to open a specially-crafted web content, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2021-30934 

Apple iOS and iPadOS are vulnerable to a buffer overflow, caused by improper bounds checking by the WebKit component. By persuading a victim to open a specially-crafted web content, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2021-30936 

Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a use-after-free in the WebKit component. By persuading a victim to open a specially-crafted web content, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-30941 

Apple iOS and iPadOS could allow a remote attacker to obtain sensitive information, caused by a buffer overflow issue in the Model I/O component. By persuading a victim to open a specially-crafted USD file, an attacker could exploit this vulnerability to disclose memory contents.

CVE-2021-30979 

Apple iOS and iPadOS are vulnerable to a buffer overflow, caused by improper bounds checking by the Model I/O component. By persuading a victim to open a specially crafted USD file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2021-30971 

Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds write in the Model I/O component. By persuading a victim to open a specially crafted USD file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-30939 

Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by an out-of-bounds read in the ImageIO component. By persuading a victim to open a specially crafted image file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-30957 

Apple iOS and iPadOS are vulnerable to a buffer overflow, caused by improper bounds checking by the CoreAudio component. By persuading a victim to open a specially crafted audio file, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2021-30942 

Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption issue in the processing of ICC profiles in the ColorSync component. By persuading a victim to open a specially crafted image file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-30926 

Apple iOS and iPadOS could allow a remote attacker to execute arbitrary code on the system, caused by a memory corruption issue in the processing of ICC profiles in the ColorSync component. By persuading a victim to open a specially crafted image file, an attacker could exploit this vulnerability to execute arbitrary code on the system.

CVE-2021-30995 

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a race condition in the Preferences component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.

CVE-2021-30955 

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a race condition in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.

CVE-2021-30949 

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a memory corruption in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.

CVE-2021-30980 

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.

CVE-2021-30927 

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.

CVE-2021-30937 

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a memory corruption in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.

CVE-2021-30991 

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds read in the IOMobileFrameBuffer component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.

CVE-2021-30985 

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write in the IOMobileFrameBuffer component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.

CVE-2021-30983 

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a buffer overflow in the IOMobileFrameBuffer component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.

CVE-2021-30996 

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a race condition in the IOMobileFrameBuffer component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.

Impact

• Security Bypass
• Information Disclosure
• Code Execution
• Buffer Overflow
• Privilege Escalation

Affected Vendors

• Apple

Affected Products

• Apple iOS 15.1
• Apple iPadOS 15.1

Remediation

Refer to Apple security document for patch, upgrade or suggested workaround information.