Logic Issue in Apple Products Leading to Application Instability
CVE-2021-30834

7.8HIGH

Key Information:

Vendor
Apple
Status
Ios And iPad OS
TV OS
Watch OS
Security Update - Catalina
Vendor
CVE Published:
28 October 2021

Summary

A vulnerability in various Apple operating systems allows processing a crafted audio file to trigger unexpected application termination or potentially execute arbitrary code. This flaw arose from a logic issue affecting state management, which has been addressed in recent updates. Users of the affected systems are advised to update their devices to enhance security against potential threats.

Affected Version(s)

iOS and iPadOS < 14.8

iOS and iPadOS < 15

Security Update - Catalina < 2021

References

https://support.apple.com/kb/HT212804
x_refsource_CONFIRM
https://support.apple.com/en-us/HT212807
x_refsource_MISC
https://support.apple.com/en-us/HT212814
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.