CVE-2021-30964 — Incorrect Permission Assignment in Apple IOS AND Ipados

CWE-732 — Incorrect Permission Assignment3 documents2 sources

Severity

5.5MEDIUMNVD

EPSS

0.2%

top 60.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Watchos +3 more

Timeline

PublishedAug 24

Latest updateDec 13

Description

An inherited permissions issue was addressed with additional restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2. A malicious application may be able to bypass Privacy preferences.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages9 packages

▶Appleapple/macos_monterey12.1

▶CVEListV5apple/macosunspecified — 12.1

▶NVDapple/macos< 12.1

▶NVDapple/ipados< 15.2

▶CVEListV5apple/watchosunspecified — 8.3

📋Vendor Advisories

Apple

CVE-2021-30964: watchOS 8.3↗2021-12-13

▶

Apple

CVE-2021-30964: macOS Monterey 12.1↗2021-12-13

▶