PT-2021-4677 · Apple · Watchos+2

Linus Henze

Published

2021-09-08

Updated

2021-09-15

CVE-2021-30769

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions iOS versions prior to 14.7 tvOS versions prior to 14.7 watchOS versions prior to 7.6

Description A logic issue related to state management was identified, allowing a malicious attacker with arbitrary read and write capability to potentially bypass Pointer Authentication. This issue is associated with a logical error during the authentication process.

Recommendations For iOS versions prior to 14.7, update to iOS 14.7 to resolve the issue. For tvOS versions prior to 14.7, update to tvOS 14.7 to resolve the issue. For watchOS versions prior to 7.6, update to watchOS 7.6 to resolve the issue.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287

Related Identifiers

BDU:2021-05370

CVE-2021-30769

Affected Products

Ios

Tvos

Watchos

PT-2021-4677 · Apple · Watchos+2

CVE-2021-30769

Weakness Enumeration

Related Identifiers

Affected Products

References · 6