Request a Demo
Rewterz
Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs
October 28, 2021
Rewterz
Rewterz Threat Advisory – ICS: Fuji Electric Tellus Lite V-Simulator and V-Server Lite
October 28, 2021

Rewterz Threat Advisory – CVE-2021-30883 – Apple iOS and iPadOS

Severity

High

Analysis Summary

CVE-2021-30886 

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.

CVE-2021-30875 

Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by a lock screen issue in the Siri component. By using a specially-crafted application, an attacker could exploit this vulnerability to view contacts from the lock screen.

CVE-2021-30906 

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by an error in the iCloud component. By using a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges.

CVE-2021-30903 

Apple iOS and iPadOS could allow a local attacker to execute arbitrary code on the system, caused by an error in the Continuity Camera component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2021-30902 

Apple iOS and iPadOS could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free in the Voice Control component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2021-30900 

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write issue in the GPU Drivers component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.

CVE-2021-30889 

Apple iOS and iPadOS are vulnerable to a buffer overflow, caused by improper bounds checking by the WebKit component. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2021-30914 

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a memory corruption in the GPU Drivers component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.

Impact

  • Privilege Escalation
  • Security Bypass
  • Code Execution
  • Buffer Overflow

Affected Vendors

Apple

Affected Products

  • Apple iOS 15.0.1
  • Apple iPadOS 15.0.1

Remediation

Refer to Apple Advisory for patch, upgrade, or suggested workaround information.

https://support.apple.com/en-us/HT212867