CVSS: 6.8EPSS: 0%CPEs: 2EXPL: 0CVE-2021-30863
https://notcve.org/view.php?id=CVE-2021-30863
This issue was addressed by improving Face ID anti-spoofing models. This issue is fixed in iOS 15 and iPadOS 15. A 3D model constructed to look like the enrolled user may be able to authenticate via Face ID. Este problema se abordó con los modelos anti-spoofing de Face ID mejorados. Este problema se corrigió en iOS versión 15 y iPadOS versión 15. • https://support.apple.com/en-us/HT212814 •
CVSS: 7.8EPSS: 0%CPEs: 15EXPL: 2CVE-2021-30860 – Apple Multiple Products Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-30860
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se ha solucionado un desbordamiento de enteros con una validación de entrada mejorada. • https://github.com/jeffssh/CVE-2021-30860 https://github.com/Levilutz/CVE-2021-30860 http://seclists.org/fulldisclosure/2021/Sep/25 http://seclists.org/fulldisclosure/2021/Sep/26 http://seclists.org/fulldisclosure/2021/Sep/27 http://seclists.org/fulldisclosure/2021/Sep/28 http://seclists.org/fulldisclosure/2021/Sep/38 http://seclists.org/fulldisclosure/2021/Sep/39 http://seclists.org/fulldisclosure/2021/Sep/40 http://seclists.org/fulldisclosure/2021/Sep/50 http://ww • CWE-190: Integer Overflow or Wraparound •
CVSS: 9.3EPSS: 0%CPEs: 11EXPL: 0CVE-2021-30859
https://notcve.org/view.php?id=CVE-2021-30859
A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó un problema de confusión de tipos con una administración de estado mejorada. Este problema se corrigió en iOS versión 14.8 y iPadOS versión 14.8, macOS Big Sur versión 11.6, Security Update 2021-005 Catalina. • https://support.apple.com/en-us/HT212804 https://support.apple.com/en-us/HT212805 https://support.apple.com/en-us/HT212807 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVSS: 8.8EPSS: 0%CPEs: 8EXPL: 0CVE-2021-30858 – Apple iOS, iPadOS, macOS Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2021-30858
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se ha solucionado un problema de uso después de la liberación con una mejor gestión de la memoria. • http://seclists.org/fulldisclosure/2021/Sep/25 http://seclists.org/fulldisclosure/2021/Sep/27 http://seclists.org/fulldisclosure/2021/Sep/29 http://seclists.org/fulldisclosure/2021/Sep/38 http://seclists.org/fulldisclosure/2021/Sep/39 http://seclists.org/fulldisclosure/2021/Sep/50 http://www.openwall.com/lists/oss-security/2021/09/20/1 http://www.openwall.com/lists/oss-security/2021/10/26/9 http://www.openwall.com/lists/oss-security/2021/10/27/1 http:/&#x • CWE-416: Use After Free •
CVSS: 7.6EPSS: 0%CPEs: 13EXPL: 0CVE-2021-30857
https://notcve.org/view.php?id=CVE-2021-30857
A race condition was addressed with improved locking. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, tvOS 15, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges. Se abordó una condición de carrera con un bloqueo mejorado. Este problema se corrigió en Security Update 2021-005 Catalina, iOS versión 14.8 y iPadOS versión 14.8, tvOS versión 15, iOS versión 15 y iPadOS versión 15, watchOS versión 8, macOS Big Sur versión 11.6. • https://support.apple.com/en-us/HT212804 https://support.apple.com/en-us/HT212805 https://support.apple.com/en-us/HT212807 https://support.apple.com/en-us/HT212814 https://support.apple.com/en-us/HT212815 https://support.apple.com/en-us/HT212819 • CWE-362: Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition') •