CVE-2021-30895
Published 2021-08-24
Priority: P278 · medium · 5.5 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Exploited in the wild (ITW): VulnCheck KEV
EPSS: 0.92% (56.0th percentile)
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, tvOS 15.1, watchOS 8.1, macOS Monterey 12.0.1. A malicious application may be able to access information about a user's contacts.
Affected
16 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_15.0.2_and_ipados | — | — |
| apple | ios_15.1_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 15.0 | 15.0 |
| apple | ipados | < 15.1 | 15.1 |
| apple | iphone_os | < 15.1 | 15.1 |
| apple | macos | — | — |
| apple | macos | >= 11.0 < 11.6.2 | 11.6.2 |
| apple | macos | >= unspecified < 12.0 | 12.0 |
| apple | macos | >= unspecified < 8.1 | 8.1 |
| apple | macos | >= unspecified < 15.1 | 15.1 |
| apple | macos_big_sur | — | — |
| apple | macos_monterey | — | — |
| apple | tvos | < 15.1 | 15.1 |
| apple | tvos | — | — |
| apple | watchos | < 8.1 | 8.1 |
| apple | watchos | — | — |
Detection & IOCs
- Vulnerable component is Game Center on Apple platforms; monitor for applications accessing contacts data via Game Center without explicit user permission or entitlement
- Focus detection on the Game Center component across iOS/iPadOS, tvOS, watchOS, and macOS platforms for unauthorized contacts access
- This is a logic/restriction bypass in Game Center — no network IOCs, hashes, or signatures are publicly available from these sources. Detection must rely on behavioral monitoring of contacts access by applications leveraging Game Center.
CVSS provenance
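| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 5.5 | MEDIUM | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:N/A:N |
| vulncheck | — | 5.5 | MEDIUM | — |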
VulnCheck
iOS, iPadOS, tvOS, watchOS, and macOS Monterey App User Contact Information Disclosure Vulnerability
vulncheck·2021·CVSS 5.5
CVE-2021-30895 [MEDIUM] iOS, iPadOS, tvOS, watchOS, and macOS Monterey App User Contact Information Disclosure Vulnerability
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, tvOS 15.1, watchOS 8.1, macOS Monterey 12.0.1. A malicious application may be able to access information about a user's contacts.
Affected: Apple ipados
Required Action: Apply remediations or mitigations per vendor instructions or discontinue use of the product if remediation or mitigations are unavailable.
Exploitation References: https://support.apple.com/en-us/103159
Apple
CVE-2021-30895: macOS Big Sur 11.6.2
vendor_apple·2021-12-13·CVSS 5.5
CVE-2021-30895 [MEDIUM] CVE-2021-30895: macOS Big Sur 11.6.2
Apple Security Update: About the security content of macOS Big Sur 11.6.2
Product: macOS Big Sur
Version: 11.6.2
CVE: CVE-2021-30895
Component: Game Center
Impact: A malicious application may be able to access information about a user's contacts
Description: A logic issue was addressed with improved restrictions.
Apple
CVE-2021-30895: iOS 15.1 and iPadOS 15.1
vendor_apple·2021-10-25·CVSS 5.5
CVE-2021-30895 [MEDIUM] CVE-2021-30895: iOS 15.1 and iPadOS 15.1
Apple Security Update: About the security content of iOS 15.1 and iPadOS 15.1
Product: iOS 15.1 and iPadOS
Version: 15.1
CVE: CVE-2021-30895
Component: Game Center
Impact: A malicious application may be able to access information about a user's contacts
Description: A logic issue was addressed with improved restrictions.
Apple
CVE-2021-30895: tvOS 15.1
vendor_apple·2021-10-25·CVSS 5.5
CVE-2021-30895 [MEDIUM] CVE-2021-30895: tvOS 15.1
Apple Security Update: About the security content of tvOS 15.1
Product: tvOS
Version: 15.1
CVE: CVE-2021-30895
Component: Game Center
Impact: A malicious application may be able to access information about a user's contacts
Description: A logic issue was addressed with improved restrictions.
Apple
CVE-2021-30895: watchOS 8.1
vendor_apple·2021-10-25·CVSS 5.5
CVE-2021-30895 [MEDIUM] CVE-2021-30895: watchOS 8.1
Apple Security Update: About the security content of watchOS 8.1
Product: watchOS
Version: 8.1
CVE: CVE-2021-30895
Component: Game Center
Impact: A malicious application may be able to access information about a user's contacts
Description: A logic issue was addressed with improved restrictions.
Apple
CVE-2021-30895: macOS Monterey 12.0.1
vendor_apple·2021-10-25·CVSS 5.5
CVE-2021-30895 [MEDIUM] CVE-2021-30895: macOS Monterey 12.0.1
Apple Security Update: About the security content of macOS Monterey 12.0.1
Product: macOS Monterey
Version: 12.0.1
CVE: CVE-2021-30895
Component: Game Center
Impact: A malicious application may be able to access information about a user's contacts
Description: A logic issue was addressed with improved restrictions.
Apple
CVE-2021-30895: iOS 15.0.2 and iPadOS 15.0.2
vendor_apple·2021-10-11·CVSS 5.5
CVE-2021-30895 [MEDIUM] CVE-2021-30895: iOS 15.0.2 and iPadOS 15.0.2
Apple Security Update: About the security content of iOS 15.0.2 and iPadOS 15.0.2
Product: iOS 15.0.2 and iPadOS
Version: 15.0.2
CVE: CVE-2021-30895
Component: Game Center
Impact: A malicious application may be able to access information about a user's contacts
Description: A logic issue was addressed with improved restrictions.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
- https://support.apple.com/en-us/HT212846
- https://support.apple.com/en-us/HT212869
- https://support.apple.com/en-us/HT212874
- https://support.apple.com/en-us/HT212876
- https://support.apple.com/kb/HT212867
- https://support.apple.com/kb/HT212979