PT-2021-6685 · Apple+5 · Watchos+10

André Bargull

·

Published

2020-11-23

·

Updated

2022-07-12

·

CVE-2021-1820

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions macOS Big Sur versions prior to 11.3 iOS versions prior to 14.5 iPadOS versions prior to 14.5 watchOS versions prior to 7.4 tvOS versions prior to 14.5
Description A memory initialization issue was addressed with improved memory handling. Processing maliciously crafted web content may result in the disclosure of process memory. This issue is related to the disclosure of information in an erroneous data area, which can be exploited by a remote attacker to gain access to confidential data.
Recommendations For macOS Big Sur versions prior to 11.3, update to macOS Big Sur 11.3 to resolve the issue. For iOS versions prior to 14.5, update to iOS 14.5 to resolve the issue. For iPadOS versions prior to 14.5, update to iPadOS 14.5 to resolve the issue. For watchOS versions prior to 7.4, update to watchOS 7.4 to resolve the issue. For tvOS versions prior to 14.5, update to tvOS 14.5 to resolve the issue.

Exploit

Fix

Improper Initialization

Exposure of Resource to Wrong Sphere

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-665CWE-668

Related Identifiers

ALSA-2021:1586
BDU:2022-02037
CESA-2021_1586
CVE-2021-1820
DSA-4797-1
DSA-4797-2
OPENSUSE-SU-2022:0182-1
OPENSUSE-SU-2022_0182-1
OPENSUSE-SU-2022_0182-2
RHSA-2021:1586
RHSA-2021_1586
RHSA-2025:10364
RLSA-2021:1586
SUSE-SU-2022:0142-1
SUSE-SU-2022:0182-1
SUSE-SU-2022:0182-2
SUSE-SU-2022:0183-1

Affected Products

Almalinux
Centos
Apple Macos
Red Hat
Rocky Linux
Suse
Ios
Ipados
Macos Big Sur
Tvos
Watchos