Vulnerability Name: CVE-2021-30835 (CCN-209759) Assigned: 2021-09-20 Published: 2021-09-20 Updated: 2022-02-11 Summary: This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution. CVSS v3 Severity: 7.8 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H )6.8 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H )6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C )Exploitability Metrics: Attack Vector (AV): LocalAttack Complexity (AC): LowPrivileges Required (PR): NoneUser Interaction (UI): RequiredScope: Scope (S): UnchangedImpact Metrics: Confidentiality (C): HighIntegrity (I): HighAvailibility (A): High
CVSS v2 Severity: 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P )Exploitability Metrics: Access Vector (AV): NetworkAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): PartialIntegrity (I): PartialAvailibility (A): Partial
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C )Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-noinfo Vulnerability Consequences: Gain Access References: Source: MITRE Type: CNACVE-2021-30835 Source: FULLDISC Type: Mailing List, Release Notes, Third Party Advisory20211027 APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15 Source: FULLDISC Type: Mailing List, Release Notes, Third Party Advisory20211027 APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8 Source: FULLDISC Type: Mailing List, Release Notes, Third Party Advisory20211027 APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15 Source: XF Type: UNKNOWNapple-itunes-cve202130835-code-exec(209759) Source: MISC Type: Vendor Advisoryhttps://support.apple.com/en-us/HT212805 Source: MISC Type: Vendor Advisoryhttps://support.apple.com/en-us/HT212814 Source: MISC Type: Vendor Advisoryhttps://support.apple.com/en-us/HT212815 Source: CCN Type: Apple security document HT212817About the security content of iTunes 12.12 for Windows Source: MISC Type: Vendor Advisoryhttps://support.apple.com/en-us/HT212817 Source: MISC Type: Vendor Advisoryhttps://support.apple.com/en-us/HT212819 Source: CCN Type: Apple security document HT212953About the security content of iCloud for Windows 13 Source: CONFIRM Type: Vendor Advisoryhttps://support.apple.com/kb/HT212804 Source: CONFIRM Type: Vendor Advisoryhttps://support.apple.com/kb/HT212953 Vulnerable Configuration: Configuration 1 :cpe:/a:apple:itunes:*:*:*:*:*:windows:*:* (Version < 12.12)OR cpe:/o:apple:ipados:*:*:*:*:*:*:*:* (Version < 15.0) OR cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version < 15.0) OR cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version >= 10.15 and <= 10.15.6) OR cpe:/o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020-005:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2020-007:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-001:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-002:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-003:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:security_update_2021-004:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:* OR cpe:/o:apple:macos:*:*:*:*:*:*:*:* (Version < 11.6) OR cpe:/o:apple:tvos:*:*:*:*:*:*:*:* (Version < 15.0) OR cpe:/o:apple:watchos:*:*:*:*:*:*:*:* (Version < 8.0) Configuration CCN 1 :cpe:/a:apple:itunes:12.11.3:*:*:*:*:windows:*:* Denotes that component is vulnerable BACK
apple itunes *
apple ipados *
apple iphone os *
apple mac os x *
apple mac os x 10.15.7 -
apple mac os x 10.15.7 security_update_2020
apple mac os x 10.15.7 security_update_2020-001
apple mac os x 10.15.7 security_update_2020-005
apple mac os x 10.15.7 security_update_2020-007
apple mac os x 10.15.7 security_update_2021-001
apple mac os x 10.15.7 security_update_2021-002
apple mac os x 10.15.7 security_update_2021-003
apple mac os x 10.15.7 security_update_2021-004
apple mac os x 10.15.7 supplemental_update
apple macos *
apple tvos *
apple watchos *
apple itunes 12.11.3