PT-2021-5396 · Apple · Watchos+2

Linus Henze

Published

2021-07-19

Updated

2021-09-15

CVE-2021-30770

CVSS v3.1

5.5

Medium

Vector

AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Name of the Vulnerable Software and Affected Versions iOS versions prior to 14.7 tvOS versions prior to 14.7 watchOS versions prior to 7.6

Description A logic issue was addressed with improved validation, which could allow an attacker that has already achieved kernel code execution to bypass kernel memory mitigations. The vulnerability is related to insufficient authentication mechanism in the kernel of the operating systems, which may enable a perpetrator to elevate their privileges.

Recommendations For iOS versions prior to 14.7, update to iOS 14.7 or later. For tvOS versions prior to 14.7, update to tvOS 14.7 or later. For watchOS versions prior to 7.6, update to watchOS 7.6 or later.

Fix

Improper Authentication

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-287CWE-254

Related Identifiers

BDU:2021-06235

CVE-2021-30770

Affected Products

Ios

Tvos

Watchos

PT-2021-5396 · Apple · Watchos+2

CVE-2021-30770

Weakness Enumeration

Related Identifiers

Affected Products

References · 7