Arbitrary Code Execution Vulnerability in Apple Products
CVE-2021-30835

7.8HIGH

Key Information:

Vendor
Apple
Status
Security Update - Catalina
Ios And iPad OS
TV OS
Itunes For Windows
Vendor
CVE Published:
19 October 2021

Summary

This vulnerability allows an attacker to execute arbitrary code by processing a specially crafted image in various Apple products. The issue arises from insufficient validation checks, leading to a breach of security that can compromise the integrity of the affected system. Users are advised to upgrade to the latest security updates provided by Apple to mitigate potential risks.

Affected Version(s)

iOS and iPadOS < 15

iTunes for Windows < 12.12

Security Update - Catalina < 2021

References

https://support.apple.com/kb/HT212804
x_refsource_CONFIRM
https://support.apple.com/en-us/HT212805
x_refsource_MISC
https://support.apple.com/en-us/HT212814
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.