PT-2021-5248 · Apple · watchOS +4
Mickey Jin +1 · Published 2021-02-23 · Updated 2021-11-15 · CVE-2021-30685
CVSS v3.1: 5.5 (Medium)
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Apple macOS versions prior to 11.4
Apple tvOS versions prior to 14.6
Apple iOS versions prior to 14.6
Apple iPadOS versions prior to 14.6
Apple watchOS versions prior to 7.5
Description
The issue is an out-of-bounds read in the AudioToolboxCore component of Apple operating systems, triggered when processing AAC files. Parsing a maliciously crafted audio file may lead to disclosure of user information, which may allow an attacker to gain unauthorized access to protected information.
Recommendations
For Apple macOS versions prior to 11.4, update to macOS 11.4 or later.
For Apple tvOS versions prior to 14.6, update to tvOS 14.6 or later.
For Apple iOS versions prior to 14.6, update to iOS 14.6 or later.
For Apple iPadOS versions prior to 14.6, update to iPadOS 14.6 or later.
For Apple watchOS versions prior to 7.5, update to watchOS 7.5 or later.
Fix
Out of bounds Read
Affected Products
Apple macOS
iOS
iPadOS
tvOS
watchOS