PT-2021-6053 · Apple · Ipados+4
Xingwei Lin
·
Published
2021-10-25
·
Updated
2021-11-23
·
CVE-2021-30840
CVSS v3.1
7.8
High
| Vector | AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
Apple iOS versions prior to 15
Apple iPadOS versions prior to 15
Apple tvOS versions prior to 15
Apple watchOS versions prior to 8
Description
The issue is related to the FontParser component in Apple operating systems, which is vulnerable to a buffer overflow in memory. This can be exploited by processing a maliciously crafted dfont file, potentially leading to arbitrary code execution.
Recommendations
For Apple iOS versions prior to 15, update to iOS 15 or later to resolve the issue.
For Apple iPadOS versions prior to 15, update to iPadOS 15 or later to resolve the issue.
For Apple tvOS versions prior to 15, update to tvOS 15 or later to resolve the issue.
For Apple watchOS versions prior to 8, update to watchOS 8 or later to resolve the issue.
As a temporary workaround, consider avoiding the use of specially crafted dfont files until a patch is applied.
Fix
Buffer Overflow
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Apple Macos
Ios
Ipados
Tvos
Watchos