CVE-2021-30861
https://notcve.org/view.php?id=CVE-2021-30861
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may bypass Gatekeeper checks. Se abordó un problema lógico con una administración de estado mejorada. Este problema se corrigió en macOS Monterey versión 12.0.1. • https://support.apple.com/en-us/HT212869 https://support.apple.com/kb/HT212816 •
CVE-2021-30860 – Apple Multiple Products Integer Overflow Vulnerability
https://notcve.org/view.php?id=CVE-2021-30860
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se ha solucionado un desbordamiento de enteros con una validación de entrada mejorada. • https://github.com/jeffssh/CVE-2021-30860 https://github.com/Levilutz/CVE-2021-30860 http://seclists.org/fulldisclosure/2021/Sep/25 http://seclists.org/fulldisclosure/2021/Sep/26 http://seclists.org/fulldisclosure/2021/Sep/27 http://seclists.org/fulldisclosure/2021/Sep/28 http://seclists.org/fulldisclosure/2021/Sep/38 http://seclists.org/fulldisclosure/2021/Sep/39 http://seclists.org/fulldisclosure/2021/Sep/40 http://seclists.org/fulldisclosure/2021/Sep/50 http://ww • CWE-190: Integer Overflow or Wraparound •
CVE-2021-30858 – Apple iOS, iPadOS, macOS Use-After-Free Vulnerability
https://notcve.org/view.php?id=CVE-2021-30858
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Se ha solucionado un problema de uso después de la liberación con una mejor gestión de la memoria. • http://seclists.org/fulldisclosure/2021/Sep/25 http://seclists.org/fulldisclosure/2021/Sep/27 http://seclists.org/fulldisclosure/2021/Sep/29 http://seclists.org/fulldisclosure/2021/Sep/38 http://seclists.org/fulldisclosure/2021/Sep/39 http://seclists.org/fulldisclosure/2021/Sep/50 http://www.openwall.com/lists/oss-security/2021/09/20/1 http://www.openwall.com/lists/oss-security/2021/10/26/9 http://www.openwall.com/lists/oss-security/2021/10/27/1 http:/ • CWE-416: Use After Free •
CVE-2021-30855
https://notcve.org/view.php?id=CVE-2021-30855
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. An application may be able to access restricted files. Se presentó un problema de comprobación en el manejo de los enlaces simbólicos. • https://support.apple.com/en-us/HT212804 https://support.apple.com/en-us/HT212805 https://support.apple.com/en-us/HT212807 https://support.apple.com/en-us/HT212814 https://support.apple.com/en-us/HT212819 https://support.apple.com/kb/HT212815 • CWE-59: Improper Link Resolution Before File Access ('Link Following') •
CVE-2021-30853
https://notcve.org/view.php?id=CVE-2021-30853
This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.6. A malicious application may bypass Gatekeeper checks. Este problema se abordó con comprobaciones mejoradas. Este problema se corrigió en macOS Big Sur versión 11.6. • https://github.com/shubham0d/CVE-2021-30853 https://support.apple.com/en-us/HT212804 • CWE-787: Out-of-bounds Write •