Apple Apple Software and Device Maker

Do you want an email whenever new security vulnerabilities are reported in any Apple product?

Products by Apple Sorted by Most Security Vulnerabilities since 2018

Apple iOS976 vulnerabilities
The iOS Operating System used by iPhones.

Apple Mac OSX880 vulnerabilities
Macintosh Operating System

Apple TV OS627 vulnerabilities
Apple TV Operating System

Apple Watch OS583 vulnerabilities
Apple Watch Operating System

Apple Macos332 vulnerabilities

Apple Safari330 vulnerabilities

Apple iPad OS299 vulnerabilities
Apple iPad Operating System

Apple iTunes198 vulnerabilities
Apple iTunes Software

Apple iPad OS182 vulnerabilities
Apple iPad Operating System

Apple iCloud173 vulnerabilities

Apple Mac Os35 vulnerabilities

Apple Tv26 vulnerabilities

Apple Xcode14 vulnerabilities

Apple Mac Os X Server7 vulnerabilities

Apple Tv Os7 vulnerabilities

Apple Cups5 vulnerabilities

Apple Files2 vulnerabilities

Apple Swift2 vulnerabilities

Apple Shortcuts2 vulnerabilities

Apple Shazam1 vulnerability

Apple Boot Camp1 vulnerability

Apple Watch Os1 vulnerability

Apple Texture1 vulnerability

Apple Swiftnio Ssl1 vulnerability

Apple Swiftnio1 vulnerability

Apple Iphone 3gs1 vulnerability

Apple Os X Server1 vulnerability

Apple Nioextras1 vulnerability

Apple Music1 vulnerability

Apple Maos1 vulnerability

Apple Macos Server1 vulnerability

Apple Garageband1 vulnerability

Apple Imovie1 vulnerability

Apple Iphone1 vulnerability

Recent Apple Security Advisories

Advisory Title Published
HT212825 Security Update 2021-006 Catalina Security Content September 23, 2021
HT212824 iOS 12.5.5 Security Content September 23, 2021
HT212815 tvOS 15 Security Content September 20, 2021
HT212819 watchOS 8 Security Content September 20, 2021
HT212816 Safari 15 Security Content September 20, 2021
HT212817 iTunes 12.12 for Windows Security Content September 20, 2021
HT212814 iOS 15 and iPadOS 15 Security Content September 20, 2021
HT212818 Xcode 13 Security Content September 20, 2021
HT212809 iTunes U 3.8.3 Security Content September 15, 2021
HT212808 Safari 14.1.2 Security Content September 13, 2021

By the Year

In 2021 there have been 401 vulnerabilities in Apple with an average score of 7.1 out of ten. Last year Apple had 384 security vulnerabilities published. That is, 17 more vulnerabilities have already been reported in 2021 as compared to last year. However, the average CVE base score of the vulnerabilities in 2021 is greater by 0.15.

Year Vulnerabilities Average Score
2021 401 7.10
2020 384 6.95
2019 546 7.42
2018 177 7.36

It may take a day or so for new Apple vulnerabilities to show up in the stats or in the list of recent security vulnerabilties. Additionally vulnerabilities may be tagged under a different product or component name.

Recent Apple Security Vulnerabilities

A memory corruption issue was addressed with improved memory handling

CVE-2021-30807 7.8 - High - October 19, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

A memory corruption issue was addressed with improved memory handling

CVE-2021-30807 7.8 - High - October 19, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

A memory corruption issue was addressed with improved memory handling

CVE-2021-30807 7.8 - High - October 19, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

A memory corruption issue was addressed with improved memory handling

CVE-2021-30846 7.8 - High - October 19, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A memory corruption issue was addressed with improved memory handling

CVE-2021-30848 - October 19, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution.

Multiple memory corruption issues were addressed with improved memory handling

CVE-2021-30849 - October 19, 2021

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

A memory consumption issue was addressed with improved memory handling

CVE-2021-30837 7.8 - High - October 19, 2021

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An application may be able to execute arbitrary code with kernel privileges.

This issue was addressed with improved checks

CVE-2021-30841 - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30842 - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30843 - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30835 - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30847 - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.

An access issue was addressed with improved access restrictions

CVE-2021-30850 - October 19, 2021

An access issue was addressed with improved access restrictions. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6, tvOS 15. A user may gain access to protected parts of the file system.

A memory corruption issue was addressed with improved memory handling

CVE-2021-30846 7.8 - High - October 19, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

Multiple memory corruption issues were addressed with improved memory handling

CVE-2021-30849 - October 19, 2021

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

An authorization issue was addressed with improved state management

CVE-2021-30810 4.3 - Medium - October 19, 2021

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.

AuthZ

A memory consumption issue was addressed with improved memory handling

CVE-2021-30837 7.8 - High - October 19, 2021

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An application may be able to execute arbitrary code with kernel privileges.

This issue was addressed with improved checks

CVE-2021-30811 5.5 - Medium - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8. A local attacker may be able to read sensitive information.

This issue was addressed with improved checks

CVE-2021-30841 - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30842 - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30843 - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30835 - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30847 - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.

A memory corruption issue was addressed with improved memory handling

CVE-2021-30846 7.8 - High - October 19, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

Multiple memory corruption issues were addressed with improved memory handling

CVE-2021-30849 - October 19, 2021

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

An authorization issue was addressed with improved state management

CVE-2021-30810 4.3 - Medium - October 19, 2021

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.

AuthZ

A memory consumption issue was addressed with improved memory handling

CVE-2021-30837 7.8 - High - October 19, 2021

A memory consumption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An application may be able to execute arbitrary code with kernel privileges.

This issue was addressed with improved checks

CVE-2021-30811 5.5 - Medium - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8. A local attacker may be able to read sensitive information.

A memory corruption issue was addressed with improved memory handling

CVE-2021-30838 7.8 - High - October 19, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15 and iPadOS 15. A malicious application may be able to execute arbitrary code with system privileges on devices with an Apple Neural Engine.

This issue was addressed with improved checks

CVE-2021-30825 7.8 - High - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to cause unexpected application termination or arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30841 - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30842 - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30843 - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted dfont file may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30835 - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30847 - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.

An out-of-bounds read was addressed with improved input validation

CVE-2021-30819 5.5 - Medium - October 19, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 15 and iPadOS 15. Processing a maliciously crafted USD file may disclose memory contents.

Out-of-bounds Read

A lock screen issue allowed access to contacts on a locked device

CVE-2021-30815 2.4 - Low - October 19, 2021

A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. A local attacker may be able to view contacts from the lock screen.

Exposure of Resource to Wrong Sphere

A logic issue was addressed with improved state management

CVE-2021-30826 7.5 - High - October 19, 2021

A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15. In certain situations, the baseband would fail to enable integrity and ciphering protection.

A memory corruption issue was addressed with improved memory handling

CVE-2021-30846 7.8 - High - October 19, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.

Memory Corruption

A memory corruption issue was addressed with improved memory handling

CVE-2021-30848 - October 19, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to code execution.

Multiple memory corruption issues were addressed with improved memory handling

CVE-2021-30849 - October 19, 2021

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

An authorization issue was addressed with improved state management

CVE-2021-30810 4.3 - Medium - October 19, 2021

An authorization issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, watchOS 8, tvOS 15. An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup.

AuthZ

This issue was addressed with improved checks

CVE-2021-30835 - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30847 - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in watchOS 8, macOS Big Sur 11.6, Security Update 2021-005 Catalina, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing a maliciously crafted image may lead to arbitrary code execution.

Multiple memory corruption issues were addressed with improved memory handling

CVE-2021-30849 - October 19, 2021

Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.

A logic issue was addressed with improved state management

CVE-2021-30820 9.8 - Critical - October 19, 2021

A logic issue was addressed with improved state management. This issue is fixed in iOS 14.8 and iPadOS 14.8. A remote attacker may be able to cause arbitrary code execution.

A race condition was addressed with additional validation

CVE-2020-29622 7.5 - High - October 19, 2021

A race condition was addressed with additional validation. This issue is fixed in Security Update 2021-005 Catalina. Mounting a maliciously crafted NFS network share may lead to arbitrary code execution with system privileges.

Race Condition

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-30845 5.5 - Medium - October 19, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6. A local user may be able to read kernel memory.

Out-of-bounds Read

A logic issue was addressed with improved state management

CVE-2021-30844 7.5 - High - October 19, 2021

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A remote attacker may be able to leak memory.

A memory corruption issue was addressed with improved state management

CVE-2021-30832 7.8 - High - October 19, 2021

A memory corruption issue was addressed with improved state management. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges.

Memory Corruption

A memory corruption issue was addressed with improved memory handling

CVE-2021-30830 7.8 - High - October 19, 2021

A memory corruption issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A malicious application may be able to execute arbitrary code with kernel privileges.

Memory Corruption

A URI parsing issue was addressed with improved parsing

CVE-2021-30829 7.8 - High - October 19, 2021

A URI parsing issue was addressed with improved parsing. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to execute arbitrary files.

Improper Privilege Management

This issue was addressed with improved checks

CVE-2021-30828 5.5 - Medium - October 19, 2021

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local user may be able to read arbitrary files as root.

Exposure of Resource to Wrong Sphere

A permissions issue existed

CVE-2021-30827 7.8 - High - October 19, 2021

A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in Security Update 2021-005 Catalina, macOS Big Sur 11.6. A local attacker may be able to elevate their privileges.

Improper Preservation of Permissions

A logic issue was addressed with improved state management

CVE-2021-30716 5.9 - Medium - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to perform denial of service.

A memory corruption issue was addressed with improved state management

CVE-2021-30717 8.1 - High - September 08, 2021

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to execute arbitrary code.

Memory Corruption

A logic issue was addressed with improved state management

CVE-2021-30712 7.8 - High - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

A logic issue was addressed with improved state management

CVE-2021-30678 9.8 - Critical - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

A logic issue was addressed with improved state management

CVE-2021-30676 7.1 - High - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A local user may be able to cause unexpected system termination or read kernel memory.

A malicious application may be able to break out of its sandbox

CVE-2021-30688 8.8 - High - September 08, 2021

A malicious application may be able to break out of its sandbox. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A path handling issue was addressed with improved validation.

Improper Input Validation

A logic issue was addressed with improved state management

CVE-2021-30669 5.5 - Medium - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application may bypass Gatekeeper checks.

Download of Code Without Integrity Check

This issue was addressed with improved checks

CVE-2021-30707 8.8 - High - September 08, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted audio file may lead to arbitrary code execution.

Classic Buffer Overflow

This issue was addressed with improved checks

CVE-2021-30685 5.5 - Medium - September 08, 2021

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Parsing a maliciously crafted audio file may lead to disclosure of user information.

A validation issue existed in the handling of symlinks

CVE-2021-30681 7.8 - High - September 08, 2021

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to gain root privileges.

Improper Input Validation

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-30686 5.5 - Medium - September 08, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted audio file may disclose restricted memory.

Out-of-bounds Read

An access issue was addressed with improved access restrictions

CVE-2021-30673 5.5 - Medium - September 08, 2021

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to access a user's call history.

Exposure of Resource to Wrong Sphere

A logic issue was addressed with improved state management

CVE-2021-30684 7.8 - High - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A remote attacker may cause an unexpected application termination or arbitrary code execution.

A logic issue was addressed with improved state management

CVE-2021-30697 5.5 - Medium - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A local user may be able to leak sensitive user information.

A memory corruption issue was addressed with improved state management

CVE-2021-30710 7.1 - High - September 08, 2021

A memory corruption issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. A malicious application may cause a denial of service or potentially disclose memory contents.

Memory Corruption

A use after free issue was addressed with improved memory management

CVE-2021-30683 7.8 - High - September 08, 2021

A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A malicious application could execute arbitrary code leading to compromise of user information.

Dangling pointer

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-30687 5.5 - Medium - September 08, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to disclosure of user information.

Out-of-bounds Read

This issue was addressed with improved checks

CVE-2021-30700 5.5 - Medium - September 08, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to disclosure of user information.

This issue was addressed with improved checks

CVE-2021-30701 7.8 - High - September 08, 2021

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted image may lead to arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30705 5.5 - Medium - September 08, 2021

This issue was addressed with improved checks. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted ASTC file may disclose memory contents.

A local user may be able to cause unexpected system termination or read kernel memory

CVE-2021-30719 7.1 - High - September 08, 2021

A local user may be able to cause unexpected system termination or read kernel memory. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. An out-of-bounds read issue was addressed by removing the vulnerable code.

Out-of-bounds Read

A logic issue was addressed with improved state management

CVE-2021-30704 7.8 - High - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. An application may be able to execute arbitrary code with kernel privileges.

A logic issue was addressed with improved state management

CVE-2021-30715 7.5 - High - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, watchOS 7.5. Processing a maliciously crafted message may lead to a denial of service.

A logic issue was addressed with improved state management

CVE-2021-30680 7.8 - High - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4. A local user may be able to load unsigned kernel extensions.

This issue was addressed with improved environment sanitization

CVE-2021-30677 8.8 - High - September 08, 2021

This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to break out of its sandbox.

A logic issue was addressed with improved state management

CVE-2021-30702 4.6 - Medium - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A person with physical access to a Mac may be able to bypass Login Window.

authentification

An attacker in a privileged network position may be able to misrepresent application state

CVE-2021-30696 5.9 - Medium - September 08, 2021

An attacker in a privileged network position may be able to misrepresent application state. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A logic issue was addressed with improved state management.

An information disclosure issue was addressed with improved state management

CVE-2021-30691 5.5 - Medium - September 08, 2021

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

An information disclosure issue was addressed with improved state management

CVE-2021-30692 5.5 - Medium - September 08, 2021

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

An information disclosure issue was addressed with improved state management

CVE-2021-30694 5.5 - Medium - September 08, 2021

An information disclosure issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

A validation issue was addressed with improved logic

CVE-2021-30693 7.8 - High - September 08, 2021

A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to arbitrary code execution.

Improper Input Validation

An out-of-bounds read was addressed with improved bounds checking

CVE-2021-30695 5.5 - Medium - September 08, 2021

An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

Out-of-bounds Read

An out-of-bounds read was addressed with improved input validation

CVE-2021-30708 7.8 - High - September 08, 2021

An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.

Out-of-bounds Read

This issue was addressed with improved checks

CVE-2021-30709 5.5 - Medium - September 08, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.

Exposure of Resource to Wrong Sphere

This issue was addressed by removing the vulnerable code

CVE-2021-30679 7.8 - High - September 08, 2021

This issue was addressed by removing the vulnerable code. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An application may be able to gain elevated privileges.

A logic issue was addressed with improved state management

CVE-2021-30716 5.9 - Medium - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to perform denial of service.

A memory corruption issue was addressed with improved state management

CVE-2021-30717 8.1 - High - September 08, 2021

A memory corruption issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. An attacker in a privileged network position may be able to execute arbitrary code.

Memory Corruption

A logic issue was addressed with improved state management

CVE-2021-30712 7.8 - High - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave. A remote attacker may be able to cause unexpected application termination or arbitrary code execution.

This issue was addressed with improved checks

CVE-2021-30668 4.6 - Medium - September 08, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4. A person with physical access to a Mac may be able to bypass Login Window during a software update.

authentification

This issue was addressed with improved checks

CVE-2021-30718 4.3 - Medium - September 08, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4. A non-privileged user may be able to modify restricted settings.

A validation issue was addressed with improved logic

CVE-2021-30671 3.3 - Low - September 08, 2021

A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A malicious application may be able to send unauthorized Apple events to Finder.

Improper Input Validation

A permissions issue was addressed with improved validation

CVE-2021-30713 7.8 - High - September 08, 2021

A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..

AuthZ

A logic issue was addressed with improved restrictions

CVE-2021-30682 5.5 - Medium - September 08, 2021

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information.

A logic issue was addressed with improved state management

CVE-2021-30689 6.1 - Medium - September 08, 2021

A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.

XSS

A null pointer dereference was addressed with improved input validation

CVE-2021-30698 7.5 - High - September 08, 2021

A null pointer dereference was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6 and iPadOS 14.6. A remote attacker may be able to cause a denial of service.

NULL Pointer Dereference

This issue was addressed with improved checks

CVE-2021-30707 8.8 - High - September 08, 2021

This issue was addressed with improved checks. This issue is fixed in macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted audio file may lead to arbitrary code execution.

Classic Buffer Overflow

Built by Foundeo Inc., with data from the National Vulnerability Database (NVD), Icons by Icons8. Privacy Policy. Use of this site is governed by the Legal Terms
Disclaimer
CONTENT ON THIS WEBSITE IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. Always check with your vendor for the most up to date, and accurate information.