PT-2021-18976 · Apple · Ios+4

Csaba Fitzl

Published

2021-08-24

Updated

2022-03-25

CVE-2021-30925

CVSS v3.1

9.1

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N

Name of the Vulnerable Software and Affected Versions watchOS versions prior to 8 macOS Big Sur versions prior to 11.6 iOS versions prior to 15 iPadOS versions prior to 15

Description The issue allows a malicious application to bypass Privacy preferences. This was addressed with improved permissions logic.

Recommendations For watchOS versions prior to 8, update to watchOS 8 to resolve the issue. For macOS Big Sur versions prior to 11.6, update to macOS Big Sur 11.6 to resolve the issue. For iOS versions prior to 15, update to iOS 15 to resolve the issue. For iPadOS versions prior to 15, update to iPadOS 15 to resolve the issue.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2021-30925

Affected Products

Apple Macos

Ios

Ipados

Macos Big Sur

Watchos

PT-2021-18976 · Apple · Ios+4

CVE-2021-30925

Weakness Enumeration

Related Identifiers

Affected Products

References · 7