Apple macOS vulnerabilities

CVE-2017-13909 [MEDIUM] CWE-922 CVE-2017-13909: An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens An issue existed in the storage of sensitive tokens. This issue was addressed by placing the tokens in Keychain. This issue is fixed in macOS High Sierra 10.13. A local attacker may gain access to iCloud authentication tokens.

CVE-2018-4478 [MEDIUM] CWE-269 CVE-2018-4478: A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13 A validation issue was addressed with improved logic. This issue is fixed in macOS High Sierra 10.13.5, Security Update 2018-003 Sierra, Security Update 2018-003 El Capitan. An attacker with physical access to a device may be able to elevate privileges.

CVE-2021-44790 [CRITICAL] CWE-787 CVE-2021-44790: A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:pars A carefully crafted request body can cause a buffer overflow in the mod_lua multipart parser (r:parsebody() called from Lua scripts). The Apache httpd team is not aware of an exploit for the vulnerabilty though it might be possible to craft one. This issue affects Apache HTTP Server 2.4.51 and earlier.

CVE-2021-44224 [HIGH] CWE-476 CVE-2021-44224: A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL A crafted URI sent to httpd configured as a forward proxy (ProxyRequests on) can cause a crash (NULL pointer dereference) or, for configurations mixing forward and reverse proxy declarations, can allow for requests to be directed to a declared Unix Domain Socket endpoint (Server Side Request Forgery). This issue affects Apache HTTP Server 2.4.7 up to

CVE-2021-30840 [HIGH] CVE-2021-30840: This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

CVE-2021-30824 [HIGH] CWE-787 CVE-2021-30824: A memory corruption issue was addressed with improved state management. This issue is fixed in macOS A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2021-30814 [HIGH] CWE-787 CVE-2021-30814: A memory corruption issue was addressed with improved input validation. This issue is fixed in tvOS A memory corruption issue was addressed with improved input validation. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may lead to arbitrary code execution.

CVE-2021-30821 [HIGH] CVE-2021-30821: A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.

CVE-2021-30818 [HIGH] CWE-843 CVE-2021-30818: A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 a A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, Safari 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2020-9897 [HIGH] CWE-787 CVE-2020-9897: An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 An out-of-bounds write was addressed with improved input validation. This issue is fixed in iOS 14.2 and iPadOS 14.2, macOS Big Sur 11.0.1. Processing a maliciously crafted PDF may lead to arbitrary code execution.

CVE-2021-30809 [HIGH] CWE-416 CVE-2021-30809: A use after free issue was addressed with improved memory management. This issue is fixed in Safari A use after free issue was addressed with improved memory management. This issue is fixed in Safari 15, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution.

CVE-2021-30834 [HIGH] CVE-2021-30834: A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPad A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, Security Update 2021-007 Catalina. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution.

CVE-2021-1821 [MEDIUM] CVE-2021-1821: A logic issue was addressed with improved state management. This issue is fixed in watchOS 7.6, macO A logic issue was addressed with improved state management. This issue is fixed in watchOS 7.6, macOS Big Sur 11.5. Visiting a maliciously crafted webpage may lead to a system denial of service.

CVE-2021-30808 [MEDIUM] CVE-2021-30808: This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and This issue was addressed with improved checks. This issue is fixed in tvOS 15, watchOS 8, iOS 15 and iPadOS 15. A malicious application may be able to modify protected parts of the file system.

CVE-2021-30833 [MEDIUM] CVE-2021-30833: This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacki This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.

CVE-2021-30836 [MEDIUM] CWE-125 CVE-2021-30836: An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing a maliciously crafted audio file may disclose restricted memory.

CVE-2021-30817 [MEDIUM] CVE-2021-30817: A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11. A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5. A malicious application may be able to access data about the accounts the user is using Family Sharing with.

CVE-2021-30813 [MEDIUM] CVE-2021-30813: This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. A perso This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. A person with access to a host Mac may be able to bypass the Login Window in Remote Desktop for a locked instance of macOS.

CVE-2021-30823 [MEDIUM] CVE-2021-30823: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 14.8 and iPadOS 14.8, tvOS 15, Safari 15, watchOS 8. An attacker in a privileged network position may be able to bypass HSTS.

CVE-2020-10005 [MEDIUM] CWE-400 CVE-2020-10005: A resource exhaustion issue was addressed with improved input validation. This issue is fixed in mac A resource exhaustion issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1. An attacker in a privileged network position may be able to perform denial of service.