CVE-2021-30943 — Insufficient Session Expiration in Apple Watchos

CWE-613 — Insufficient Session Expiration3 documents2 sources

Severity

4.3MEDIUMNVD

EPSS

0.2%

top 59.29%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Watchos Apple Ipados Apple Iphone OS +2 more

Timeline

PublishedAug 24

Latest updateDec 13

Description

An issue in the handling of group membership was resolved with improved logic. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1. A malicious user may be able to leave a messages group but continue to receive messages in that group.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:NExploitability: 2.8 | Impact: 1.4

Affected Packages7 packages

▶Appleapple/macos_monterey12.1

▶NVDapple/macos12.0.0 — 12.1

▶NVDapple/ipados< 15.2

▶CVEListV5apple/watchosunspecified — 8.3+2

▶NVDapple/watchos< 8.3

📋Vendor Advisories

Apple

CVE-2021-30943: watchOS 8.3↗2021-12-13

▶

Apple

CVE-2021-30943: macOS Monterey 12.1↗2021-12-13

▶