PT-2021-6005 · Apple · Ipados+4
Xingwei Lin
·
Published
2021-10-25
·
Updated
2021-11-23
·
CVE-2021-30831
CVSS v3.1
5.5
Medium
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
iPadOS versions prior to 15
iOS versions prior to 15
tvOS versions prior to 15
watchOS versions prior to 8
Description
The issue is related to an out-of-bounds read in the FontParser component, which can result in the disclosure of process memory when processing a maliciously crafted font. This can allow a remote attacker to reveal protected information.
Recommendations
For iPadOS versions prior to 15, update to iPadOS 15 or later to resolve the issue.
For iOS versions prior to 15, update to iOS 15 or later to resolve the issue.
For tvOS versions prior to 15, update to tvOS 15 or later to resolve the issue.
For watchOS versions prior to 8, update to watchOS 8 or later to resolve the issue.
As a temporary workaround, consider restricting the use of potentially malicious fonts until a patch is applied.
Fix
Out of bounds Read
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apple Macos
Ios
Ipados
Tvos
Watchos