CVE-2021-31010
Published 2021-08-24
High 7.5 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
CISA Known Exploited Vulnerability (due 2022-09-15)
Exploited in the wild
A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | — | — |
| apple | ios_14.8_and_ipados | — | — |
| apple | ipados | < 14.8 | 14.8 |
| apple | iphone_os | >= 12.0 < 12.5.5 | 12.5.5 |
| apple | iphone_os | >= 14.0 < 14.8 | 14.8 |
| apple | mac_os_x | — | — |
| apple | mac_os_x | >= 10.15 < 10.15.7 | 10.15.7 |
| apple | macos | >= 11.0 < 11.6 | 11.6 |
| apple | macos | >= unspecified < 11.6 | 11.6 |
| apple | macos | >= unspecified < 2021 | 2021 |
| apple | macos_big_sur | — | — |
| apple | security_update_2021-005_catalina | — | — |
| apple | watchos | < 7.6.2 | 7.6.2 |
| apple | watchos | — | — |
| apple | watchos | >= unspecified < 7.6 | 7.6 |
| apple | watchos | >= unspecified < 14.8 | 14.8 |
| apple | watchos | >= unspecified < 12.5 | 12.5 |
CVSS provenance
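| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N |
| vulncheck | — | 7.5 | HIGH | — |
| cisa | — | 7.5 | HIGH | — |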