Apple iOS vulnerabilities

CVE-2017-2375 [LOW] CVE-2017-2375: An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addre An issue existed in preventing the uploading of CallKit call history to iCloud. This issue was addressed through improved logic. This issue is fixed in iOS 10.2.1. Updates for CallKit call history are sent to iCloud.

CVE-2021-30869 [HIGH] CVE-2021-30869: iOS 12.5.5 Apple Security Update: About the security content of iOS 12.5.5 Product: iOS Version: 12.5.5 CVE: CVE-2021-30869 Component: XNU Impact: A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild. Description: A type confusion issue was addressed with improved state handling.

CVE-2021-30860 [HIGH] CVE-2021-30860: iOS 12.5.5 Apple Security Update: About the security content of iOS 12.5.5 Product: iOS Version: 12.5.5 CVE: CVE-2021-30860 Component: CoreGraphics Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Description: An integer overflow was addressed with improved input validation.

CVE-2021-31010 [HIGH] CVE-2021-31010: iOS 12.5.5 Apple Security Update: About the security content of iOS 12.5.5 Product: iOS Version: 12.5.5 CVE: CVE-2021-31010 Component: Core Telephony Impact: A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release. Description: A deserialization issue was addressed through improved validation.

CVE-2021-30760 [HIGH] CWE-190 CVE-2021-30760: An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7 An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.

CVE-2021-30775 [HIGH] CWE-787 CVE-2021-30775: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted audio file may lead to arbitrary code execution.

CVE-2021-30802 [HIGH] CWE-416 CVE-2021-30802: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14. A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2021-30761 [HIGH] CWE-787 CVE-2021-30761: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

CVE-2021-30797 [HIGH] CVE-2021-30797: This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.

CVE-2021-30795 [HIGH] CWE-416 CVE-2021-30795: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14. A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2021-30789 [HIGH] CWE-125 CVE-2021-30789: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.7, An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.

CVE-2021-30781 [HIGH] CVE-2021-30781: This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A local attacker may be able to cause unexpected application termination or arbitrary code execution.

CVE-2021-30786 [HIGH] CWE-362 CVE-2021-30786: A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

CVE-2021-30779 [HIGH] CVE-2021-30779: This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, This issue was addressed with improved checks. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2021-30666 [HIGH] CWE-119 CVE-2021-30666: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5 A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

CVE-2021-30774 [HIGH] CVE-2021-30774: A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. A malicious application may be able to gain root privileges.

CVE-2021-30785 [HIGH] CWE-120 CVE-2021-30785: A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macO A buffer overflow was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-004 Catalina. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2021-30780 [HIGH] CWE-787 CVE-2021-30780: An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. A malicious application may be able to gain root privileges.

CVE-2021-30762 [HIGH] CWE-416 CVE-2021-30762: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12. A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

CVE-2021-30748 [HIGH] CWE-787 CVE-2021-30748: A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 1 A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. An application may be able to execute arbitrary code with kernel privileges.