PT-2021-7358 · Apple+7 · Watchos+12

David Gullasch

Published

2021-09-20

Updated

2023-01-09

CVE-2021-30823

CVSS v2.0

6.8

Medium

Vector

AV:N/AC:L/Au:S/C:N/I:C/A:N

Name of the Vulnerable Software and Affected Versions Safari versions prior to 15 macOS versions prior to 12.0.1 iOS versions prior to 14.8 iPadOS versions prior to 14.8 tvOS versions prior to 15 watchOS versions prior to 8

Description A logic issue was addressed with improved restrictions, allowing an attacker in a privileged network position to potentially bypass HSTS. This could impact the integrity of data.

Recommendations For Safari versions prior to 15, update to Safari 15 or later. For macOS versions prior to 12.0.1, update to macOS Monterey 12.0.1 or later. For iOS versions prior to 14.8, update to iOS 14.8 or later. For iPadOS versions prior to 14.8, update to iPadOS 14.8 or later. For tvOS versions prior to 15, update to tvOS 15 or later. For watchOS versions prior to 8, update to watchOS 8 or later.

Exploit

Fix

Cleartext Transmission of Sensitive Information

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-319

Related Identifiers

ALSA-2022:1777

ALT-PU-2021-3571

ALT-PU-2022-2162

BDU:2022-05779

CESA-2022_1777

CVE-2021-30823

DSA-4995-1

DSA-4996-1

OPENSUSE-SU-2022:0182-1

OPENSUSE-SU-2022_0182-1

OPENSUSE-SU-2022_0182-2

RHSA-2022:1777

RHSA-2022_1777

RHSA-2025:10364

RLSA-2022:1777

SUSE-SU-2022:0142-1

SUSE-SU-2022:0182-1

SUSE-SU-2022:0182-2

SUSE-SU-2022:0183-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Apple Macos

Red Hat

Rocky Linux

Safari

Suse

Ios

Ipados

Tvos

Watchos

PT-2021-7358 · Apple+7 · Watchos+12

CVE-2021-30823

Weakness Enumeration

Related Identifiers

Affected Products

References · 180