CVE-2021-30898
https://notcve.org/view.php?id=CVE-2021-30898
An access issue was addressed with additional sandbox restrictions on third party applications. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to access some of the user's Apple ID information, or recent in-app search terms. Se ha solucionado un problema de acceso con restricciones adicionales de sandbox en aplicaciones de terceros. Este problema se ha solucionado en iOS 15 y iPadOS 15. • https://support.apple.com/en-us/HT212814 •
CVE-2021-30897 – webkitgtk: Cross-origin data exfiltration via resource timing API
https://notcve.org/view.php?id=CVE-2021-30897
An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin. Existía un problema en la especificación de la API de sincronización de recursos. • https://support.apple.com/en-us/HT212869 https://support.apple.com/kb/HT212814 https://support.apple.com/kb/HT212815 https://access.redhat.com/security/cve/CVE-2021-30897 https://bugzilla.redhat.com/show_bug.cgi?id=2038907 • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVE-2021-30895
https://notcve.org/view.php?id=CVE-2021-30895
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, tvOS 15.1, watchOS 8.1, macOS Monterey 12.0.1. A malicious application may be able to access information about a user's contacts. Se abordó un problema lógico con restricciones mejoradas. Este problema se corrigió en iOS versión 15.0.2 y iPadOS versión 15.0.2, tvOS versión 15.1, watchOS versión 8.1, macOS Monterey versión 12.0.1. • https://support.apple.com/en-us/HT212846 https://support.apple.com/en-us/HT212869 https://support.apple.com/en-us/HT212874 https://support.apple.com/en-us/HT212876 https://support.apple.com/kb/HT212867 https://support.apple.com/kb/HT212979 •
CVE-2021-30894
https://notcve.org/view.php?id=CVE-2021-30894
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.1 and iPadOS 15.1, tvOS 15.1. An application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de corrupción de memoria con una comprobación de entradas mejorada. Este problema se corrigió en iOS versión 15.1 y iPadOS versión 15.1, tvOS versión 15.1. • https://support.apple.com/en-us/HT212867 https://support.apple.com/en-us/HT212876 • CWE-787: Out-of-bounds Write •
CVE-2021-30890 – webkitgtk: Logic issue leading to universal cross-site scripting
https://notcve.org/view.php?id=CVE-2021-30890
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1, iOS 15.1 and iPadOS 15.1, watchOS 8.1, tvOS 15.1. Processing maliciously crafted web content may lead to universal cross site scripting. Se abordó un problema lógico con una administración de estado mejorada. Este problema se corrigió en macOS Monterey versión 12.0.1, iOS versión 15.1 y iPadOS versión 15.1, watchOS versión 8.1, tvOS versión 15.1. • http://www.openwall.com/lists/oss-security/2021/12/20/6 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V https://support.apple.com/en-us/HT212867 https://support.apple.com/en-us/HT212869 https://support.apple.com/en-us/HT212874 https://support.apple.com/en-us/HT212876 https://www.debian.org/security/20 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •