CVE-2021-30995 – Apple macOS fclonefileat Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
https://notcve.org/view.php?id=CVE-2021-30995
A race condition was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, watchOS 8.3. A malicious application may be able to elevate privileges. Se solucionó una condición de carrera con un manejo de estado mejorado. Este problema se solucionó en macOS Big Sur versión 11.6.2, tvOS versión 15.2, macOS Monterey versión 12.1, actualización de seguridad 2021-008 Catalina, iOS versión 15.2 e iPadOS versión 15.2, watchOS versión 8.3. • https://support.apple.com/en-us/HT212975 https://support.apple.com/en-us/HT212976 https://support.apple.com/en-us/HT212978 https://support.apple.com/en-us/HT212979 https://support.apple.com/en-us/HT212980 https://support.apple.com/en-us/HT212981 https://www.zerodayinitiative.com/advisories/ZDI-22-360 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •
CVE-2021-30993
https://notcve.org/view.php?id=CVE-2021-30993
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. An attacker in a privileged network position may be able to execute arbitrary code. Se solucionó un problema de desbordamiento del búfer con una administración de la memoria mejorada. Este problema se solucionó en macOS Monterey versión 12.1, watchOS versión 8.3, iOS versión 15.2 e iPadOS versión 15.2, tvOS versión 15.2. • https://support.apple.com/en-us/HT212975 https://support.apple.com/en-us/HT212976 https://support.apple.com/en-us/HT212978 https://support.apple.com/en-us/HT212980 • CWE-120: Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') •
CVE-2021-30992
https://notcve.org/view.php?id=CVE-2021-30992
This issue was addressed with improved handling of file metadata. This issue is fixed in iOS 15.2 and iPadOS 15.2. A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata. Este problema se solucionó con un manejo de los metadatos de archivo mejorado. Este problema se solucionó en iOS versión 15.2 e iPadOS versión 15.2. • https://support.apple.com/en-us/HT212976 •
CVE-2021-30991
https://notcve.org/view.php?id=CVE-2021-30991
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges. Se solucionó una lectura fuera de límites con una comprobación de límites mejorada. Este problema se solucionó en iOS versión 15.2 e iPadOS versión 15.2. • https://support.apple.com/en-us/HT212976 • CWE-125: Out-of-bounds Read •
CVE-2021-30988
https://notcve.org/view.php?id=CVE-2021-30988
Description: A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2. A malicious application may be able to identify what other applications a user has installed. Descripción: se solucionó un problema de permisos con una comprobación mejorada. Este problema se solucionó en iOS versión 15.2 e iPadOS versión 15.2. • https://support.apple.com/en-us/HT212976 •