CVE-2021-30966Apple IOS AND Ipados vulnerability

4 documents2 sources
Severity
7.5HIGHNVD
EPSS
0.5%
top 35.47%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
Apple IOS AND IpadosApple MacosApple Watchos+4 more
Timeline
PublishedAug 24
Latest updateDec 13

Description

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly be leaked to a proxy server despite PAC configurations.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages11 packages

NVDapple/tvos< 15.2
CVEListV5apple/macosunspecified12.1+1
NVDapple/macos< 12.1
NVDapple/ipados< 15.2

📋Vendor Advisories

3
Apple
CVE-2021-30966: watchOS 8.32021-12-13
Apple
CVE-2021-30966: tvOS 15.22021-12-13
Apple
CVE-2021-30966: macOS Monterey 12.12021-12-13