PT-2021-5392 · Apple · Ipados+3

Bruno Virlet

Published

2021-04-26

Updated

2022-07-12

CVE-2021-1822

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions iOS versions prior to 14.5 iPadOS versions prior to 14.5 watchOS versions prior to 7.4 tvOS versions prior to 14.5

Description The issue is related to insufficient access controls in the MobileInstallation component, which can be exploited to gain unauthorized access to protected information. A local user may be able to modify protected parts of the file system due to a logic issue.

Recommendations For iOS versions prior to 14.5, update to iOS 14.5 or later. For iPadOS versions prior to 14.5, update to iPadOS 14.5 or later. For watchOS versions prior to 7.4, update to watchOS 7.4 or later. For tvOS versions prior to 14.5, update to tvOS 14.5 or later.

Fix

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-668

Related Identifiers

BDU:2021-06231

CVE-2021-1822

Affected Products

Ios

Ipados

Tvos

Watchos

PT-2021-5392 · Apple · Ipados+3

CVE-2021-1822

Weakness Enumeration

Related Identifiers

Affected Products

References · 6