CVE-2021-1767Out-of-bounds Write in Apple IOS AND Ipados

CWE-787Out-of-bounds WriteCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents5 sources
Severity
7.8HIGHNVD
EPSS
0.2%
top 54.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Apple IOS AND IpadosApple MacosApple Ipados+2 more
Timeline
PublishedApr 2
Latest updateMay 24

Description

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted image may lead to heap corruption.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages6 packages

CVEListV5apple/macosunspecified11.2
NVDapple/macos11.011.2
NVDapple/ipados< 14.4
NVDapple/mac_os_x10.1410.14.6+3
CVEListV5apple/ios_and_ipadosunspecified14.4

🔴Vulnerability Details

2
GHSA
GHSA-8g5x-3xxw-v5p4: This issue was addressed with improved checks2022-05-24
CVEList
CVE-2021-1767: This issue was addressed with improved checks2021-04-02

📋Vendor Advisories

2
Apple
CVE-2021-1767: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave2021-02-01
Apple
CVE-2021-1767: iOS 14.4 and iPadOS 14.42021-01-26

🕵️Threat Intelligence

2
Qualys
Prevent Pegasus Spyware Attacks with VMDR | Qualys2021-07-23
Qualys
Protect your Devices from Pegasus Spyware using VMDR for Mobile Devices’ Proactive Approach2021-07-23
CVE-2021-1767 — Out-of-bounds Write in Apple | cvebase