Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs

October 28, 2021

Rewterz Threat Advisory – ICS: Fuji Electric Tellus Lite V-Simulator and V-Server Lite

October 28, 2021

Rewterz Threat Advisory – CVE-2021-30883 – Apple iOS and iPadOS

October 28, 2021

Severity

High

Analysis Summary

CVE-2021-30886

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a use-after-free in the Kernel component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.

CVE-2021-30875

Apple iOS and iPadOS could allow a local attacker to bypass security restrictions, caused by a lock screen issue in the Siri component. By using a specially-crafted application, an attacker could exploit this vulnerability to view contacts from the lock screen.

CVE-2021-30906

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by an error in the iCloud component. By using a specially crafted application, an attacker could exploit this vulnerability to gain elevated privileges.

CVE-2021-30903

Apple iOS and iPadOS could allow a local attacker to execute arbitrary code on the system, caused by an error in the Continuity Camera component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2021-30902

Apple iOS and iPadOS could allow a local attacker to execute arbitrary code on the system, caused by a use-after-free in the Voice Control component. By using a specially crafted application, an attacker could exploit this vulnerability to execute arbitrary code on the system or cause a denial of service.

CVE-2021-30900

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by an out-of-bounds write issue in the GPU Drivers component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.

CVE-2021-30889

Apple iOS and iPadOS are vulnerable to a buffer overflow, caused by improper bounds checking by the WebKit component. By persuading a victim to visit a specially crafted Web site, a remote attacker could overflow a buffer and execute arbitrary code on the system or cause the application to crash.

CVE-2021-30914

Apple iOS and iPadOS could allow a local attacker to gain elevated privileges on the system, caused by a memory corruption in the GPU Drivers component. By using a specially crafted application, an attacker could exploit this vulnerability to gain kernel privileges.

Impact

Privilege Escalation
Security Bypass
Code Execution
Buffer Overflow

Affected Vendors

Apple

Affected Products

Apple iOS 15.0.1
Apple iPadOS 15.0.1

Remediation

Refer to Apple Advisory for patch, upgrade, or suggested workaround information.

https://support.apple.com/en-us/HT212867

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Rewterz Annual Threat Intelligence Report 2024 - Download Now

Platform

Managed Security Services

Managed Penetration Testing

Assess

Transform

Train

Respond

Resources

iOS Activation Bug Allows Unauthenticated XML Injection

Critical Threat: Gunra Ransomware Targets Critical Sectors Worldwide – Active IOCs

Lyrix Ransomware – Active IOCs

Threat Insights

About Us

Our Leadership

CSR

Connect with Us

Rewterz Threat Alert – GuLoader Malspam Campaign – Active IOCs

Rewterz Threat Advisory – ICS: Fuji Electric Tellus Lite V-Simulator and V-Server Lite

The Wait Is Over!

The Rewterz Annual Threat Intelligence Report 2024 is finally here.