CVE-2021-1791 — Out-of-bounds Read in Apple IOS AND Ipados

CWE-125 — Out-of-bounds Read5 documents4 sources

Severity

5.5MEDIUMNVD

EPSS

0.6%

top 31.77%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Ipados +4 more

Timeline

PublishedApr 2

Latest updateMay 24

Description

An out-of-bounds read issue existed that led to the disclosure of kernel memory. This was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to disclose kernel memory.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages8 packages

▶NVDapple/tvos< 14.4

▶CVEListV5apple/macosunspecified — 11.2+2

▶NVDapple/macos11.0 — 11.2

▶NVDapple/ipados< 14.4

▶NVDapple/watchos< 7.3

🔴Vulnerability Details

GHSA

GHSA-3mqc-98m9-f5mm: An out-of-bounds read issue existed that led to the disclosure of kernel memory↗2022-05-24

▶

CVEList

CVE-2021-1791: An out-of-bounds read issue existed that led to the disclosure of kernel memory↗2021-04-02

▶

📋Vendor Advisories

Apple

CVE-2021-1791: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave↗2021-02-01

▶

Apple

CVE-2021-1791: iOS 14.4 and iPadOS 14.4↗2021-01-26

▶