Apple tvOS vulnerabilities

CVE-2021-30855 [MEDIUM] CWE-59 CVE-2021-30855: A validation issue existed in the handling of symlinks. This issue was addressed with improved valid A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. An application may be able to access restricted files.

CVE-2021-30947 [MEDIUM] CVE-2021-30947: An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, iOS 15.2 and iPadOS 15.2, watchOS 8.3. An application may be able to access a user's files.

CVE-2021-30905 [MEDIUM] CWE-125 CVE-2021-30905: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.1 a An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina. Processing a maliciously crafted file may disclose user information.

CVE-2021-30896 [MEDIUM] CVE-2021-30896: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, tvOS 15.1, watchOS 8.1, macOS Monterey 12.0.1. A malicious application may be able to read user's gameplay data.

CVE-2021-30890 [MEDIUM] CWE-79 CVE-2021-30890: A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12 A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting.

CVE-2021-30895 [MEDIUM] CVE-2021-30895: A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, tvOS 15.1, watchOS 8.1, macOS Monterey 12.0.1. A malicious application may be able to access information about a user's contacts.

CVE-2021-31007 [MEDIUM] CWE-276 CVE-2021-31007: Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1, macOS Big Sur 11.6.2, watchOS 8.1, macOS Monterey 12.1. A malicious application may be able to bypass Privacy preferences.

CVE-2021-30968 [MEDIUM] CWE-59 CVE-2021-30968: A validation issue related to hard link behavior was addressed with improved sandbox restrictions. T A validation issue related to hard link behavior was addressed with improved sandbox restrictions. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to bypass certain Privacy preferences.

CVE-2021-30962 [MEDIUM] CWE-665 CVE-2021-30962: A memory initialization issue was addressed with improved memory handling. This issue is fixed in tv A memory initialization issue was addressed with improved memory handling. This issue is fixed in tvOS 15.2, macOS Big Sur 11.6.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.

CVE-2021-30910 [MEDIUM] CWE-125 CVE-2021-30910: An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.1 a An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted file may disclose user information.

CVE-2021-31006 [MEDIUM] CWE-276 CVE-2021-31006: Description: A permissions issue was addressed with improved validation. This issue is fixed in watc Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privacy preferences.

CVE-2021-30897 [MEDIUM] CVE-2021-30897: An issue existed in the specification for the resource timing API. The specification was updated and An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin.

CVE-2021-30887 [MEDIUM] CVE-2021-30887: A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1 A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy.

CVE-2021-30944 [MEDIUM] CVE-2021-30944: Description: A logic issue was addressed with improved state management. This issue is fixed in iOS Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious app may be able to access data from other apps by enabling additional logging.

CVE-2021-30960 [MEDIUM] CWE-120 CVE-2021-30960: A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Mo A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. Parsing a maliciously crafted audio file may lead to disclosure of user information.

CVE-2021-31000 [LOW] CWE-276 CVE-2021-31000: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPad A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact information.

CVE-2021-30915 [LOW] CVE-2021-30915: A logic issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPad A logic issue was addressed with improved state management. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. A person with physical access to an iOS device may be able to determine characteristics of a user's password in a secure text entry field.

CVE-2021-30724 [HIGH] CVE-2021-30724: tvOS 14.6 Apple Security Update: About the security content of tvOS 14.6 Product: tvOS Version: 14.6 CVE: CVE-2021-30724 Component: CVMS Impact: A local attacker may be able to elevate their privileges Description: This issue was addressed with improved checks.

CVE-2021-21779 [HIGH] CVE-2021-21779: tvOS 14.6 Apple Security Update: About the security content of tvOS 14.6 Product: tvOS Version: 14.6 CVE: CVE-2021-21779 Component: WebKit Impact: Processing maliciously crafted web content may lead to arbitrary code execution Description: A use after free issue was addressed with improved memory management.

CVE-2021-1818 [CRITICAL] CVE-2021-1818: A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11. A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.