PT-2021-5432 · Apple · Watchos+4
Mickey Jin
+1
·
Published
2021-05-24
·
Updated
2021-09-17
·
CVE-2021-30686
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
macOS versions prior to 11.4
tvOS versions prior to 14.6
iOS versions prior to 14.6
iPadOS versions prior to 14.6
watchOS versions prior to 7.5
Description
The issue is related to an out-of-bounds read that was addressed with improved bounds checking. Processing a maliciously crafted audio file may disclose restricted memory. This is due to a buffer overflow vulnerability in the USACBitstreamReader function of the operating systems, which can allow an attacker to reveal protected information.
Recommendations
For macOS versions prior to 11.4, update to macOS Big Sur 11.4 or later.
For tvOS versions prior to 14.6, update to tvOS 14.6 or later.
For iOS versions prior to 14.6, update to iOS 14.6 or later.
For iPadOS versions prior to 14.6, update to iPadOS 14.6 or later.
For watchOS versions prior to 7.5, update to watchOS 7.5 or later.
As a temporary workaround, consider avoiding the use of maliciously crafted audio files until the issue is resolved.
Fix
Stack Overflow
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Apple Macos
Ios
Ipados
Tvos
Watchos