PT-2021-5247 · Apple · Watchos+7
Tim Michaud
·
Published
2021-04-26
·
Updated
2021-09-20
·
CVE-2021-1868
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
macOS Catalina versions prior to Security Update 2021-002
macOS Mojave versions prior to Security Update 2021-003
iOS versions prior to 14.5
iPadOS versions prior to 14.5
watchOS versions prior to 7.4
tvOS versions prior to 14.5
macOS Big Sur versions prior to 11.3
Description
A logic issue was addressed with improved state management, which may allow a local attacker to elevate their privileges. The issue is related to insufficient access control in the Tailspin component of the affected operating systems.
Recommendations
For macOS Catalina, apply Security Update 2021-002.
For macOS Mojave, apply Security Update 2021-003.
For iOS, update to version 14.5 or later.
For iPadOS, update to version 14.5 or later.
For watchOS, update to version 7.4 or later.
For tvOS, update to version 14.5 or later.
For macOS Big Sur, update to version 11.3 or later.
Fix
Improper Privilege Management
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apple Macos
Ios
Ipados
Macos Big Sur
Macos Catalina
Macos Mojave
Tvos
Watchos