Logic Issue in iTunes and Apple Products Leading to Memory Disclosure
CVE-2021-1811

6.5MEDIUM

Key Information:

Vendor
Apple
Status
iOS And iPad OS
Itunes For Windows
Icloud For Windows
TV OS
Vendor
CVE Published:
8 September 2021

Summary

A logic issue in various Apple products was addressed, focusing on improved state management. This vulnerability arises when processing a specially crafted font, which could potentially lead to the unauthorized disclosure of process memory. Users are encouraged to update their systems to the latest versions to mitigate any risks.

Affected Version(s)

iCloud for Windows < 12.3

iOS and iPadOS < 14.5

iTunes for Windows < 12.11

References

https://support.apple.com/en-us/HT212317
x_refsource_MISC
https://support.apple.com/en-us/HT212323
x_refsource_MISC
https://support.apple.com/en-us/HT212324
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.