Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
===========================================================================
AUSCERT External Security Bulletin Redistribution
ESB-2021.3578
iOS and iPadOS
27 October 2021
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: iOS 14.8.1
iPadOS 14.8.1
iOS 15
iPadOS 15
Publisher: Apple
Operating System: macOS
Impact/Access: Root Compromise -- Existing Account
Execute Arbitrary Code/Commands -- Remote with User Interaction
Cross-site Scripting -- Remote with User Interaction
Denial of Service -- Remote with User Interaction
Access Confidential Data -- Remote with User Interaction
Reduced Security -- Remote with User Interaction
Unauthorised Access -- Console/Physical
Resolution: Patch/Upgrade
CVE Names: CVE-2021-30919 CVE-2021-30918 CVE-2021-30917
CVE-2021-30916 CVE-2021-30915 CVE-2021-30914
CVE-2021-30911 CVE-2021-30910 CVE-2021-30909
CVE-2021-30907 CVE-2021-30906 CVE-2021-30905
CVE-2021-30903 CVE-2021-30902 CVE-2021-30900
CVE-2021-30894 CVE-2021-30890 CVE-2021-30889
CVE-2021-30888 CVE-2021-30887 CVE-2021-30886
CVE-2021-30884 CVE-2021-30883 CVE-2021-30882
CVE-2021-30881 CVE-2021-30875 CVE-2021-30874
CVE-2021-30870 CVE-2021-30867 CVE-2021-30866
CVE-2021-30863 CVE-2021-30857 CVE-2021-30855
CVE-2021-30854 CVE-2021-30852 CVE-2021-30851
CVE-2021-30849 CVE-2021-30848 CVE-2021-30847
CVE-2021-30846 CVE-2021-30843 CVE-2021-30842
CVE-2021-30841 CVE-2021-30840 CVE-2021-30838
CVE-2021-30837 CVE-2021-30836 CVE-2021-30835
CVE-2021-30834 CVE-2021-30831 CVE-2021-30826
CVE-2021-30825 CVE-2021-30819 CVE-2021-30818
CVE-2021-30816 CVE-2021-30815 CVE-2021-30814
CVE-2021-30811 CVE-2021-30810 CVE-2021-30809
CVE-2021-30808 CVE-2013-0340
Reference: ESB-2021.3564
ESB-2021.3368
ESB-2021.3102.2
Original Bulletin:
https://support.apple.com/HT212867
https://support.apple.com/HT212868
https://support.apple.com/HT212814
Comment: This bulletin contains three (3) Apple security advisories.
- --------------------------BEGIN INCLUDED TEXT--------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-10-26-1 iOS 15.1 and iPadOS 15.1
iOS 15.1 and iPadOS 15.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212867.
Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30907: Zweig of Kunlun Lab
ColorSync
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
ICC profiles. This issue was addressed with improved input
validation.
CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google
Project Zero
Continuity Camera
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30903: an anonymous researcher
CoreAudio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro
CoreGraphics
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30919
FileProvider
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Unpacking a maliciously crafted archive may lead to arbitrary
code execution
Description: An input validation issue was addressed with improved
memory handling.
CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab
of Qihoo 360
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30900: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30914: Zuozhi Fan (@pattern_F_) of Ant Security TianQiong
Lab
iCloud
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30906: Cees Elzinga
Image Processing
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30894: Pan ZhenPeng (@Peterpan0927) of Alibaba Security
Pandora Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30886: @0xalsr
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30909: Zweig of Kunlun Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30916: Zweig of Kunlun Lab
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted file may disclose user
information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year
Lab
Siri
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to view contacts from the lock
screen
Description: A lock screen issue allowed access to contacts on a
locked device. This issue was addressed with improved state
management.
CVE-2021-30875: Abhay Kailasia (@abhay_kailasia) of Lakshmi Narain
College of Technology
UIKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A person with physical access to an iOS device may be able to
determine characteristics of a user's password in a secure text entry
field
Description: A logic issue was addressed with improved state
management.
CVE-2021-30915: Kostas Angelopoulos
Voice Control
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30902: 08Tc3wBB of ZecOps Mobile EDR Team
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
unexpectedly unenforced Content Security Policy
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt.
Ltd.
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious website using Content Security Policy reports may
be able to leak information via redirect behavior
Description: An information leakage issue was addressed.
CVE-2021-30888: Prakash (@1lastBr3ath)
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A buffer overflow issue was addressed with improved
memory handling.
CVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua
wingtecher lab
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30890: an anonymous researcher
Additional recognition
iCloud
We would like to acknowledge Ryan Pickren (ryanpickren.com) for their
assistance.
Mail
We would like to acknowledge Fabian Ising and Damian Poddebniak of
Münster University of Applied Sciences for their assistance.
NetworkExtension
We would like to acknowledge Alex Bauer of Branch for their
assistance.
WebKit
We would like to acknowledge Ivan Fratric of Google Project Zero,
Pavel Gromadchuk, an anonymous researcher for their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About
* The version after applying this update will be "15.1"
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hlwACgkQeC9qKD1p
rhhZzA//eK6xk7AnCtAA81RgI7GizGPrMG3g/G+tpHAtaiwEB82Fi904h7FVPAr8
3ehHIqYHjc3+gHrOAa+/oWoVD0BSMWEjvJbrf9w2i0LNn6YmcFgPorwhcfIjnAhz
cVAVRdz+iQdmaF5UBxuPdqGinJXpeMi6Az4dUH114bgOkB9LeQNEb+1zvkxmgi+O
KoTCONfWHeC4hbEPcqHNxZm3/R/rvSoeNnKbtehPsp4vSNzeV9Bc1XlHcoZDsWyd
QPfV2ffLMsj2S1cvcwoH5y/JLsmEpyuEEOSKx211Te/T+B8gO8PdCbzzhtAwkF8Z
sL6JD+midcrz4dirYuc1qHs0ITqyhHTSgUM062tK6+V8tpyf3r4FLI2TWBAQcpnE
QkVYIOyyvj/0GMEygBl4A7WpWGLU1wDCAGLY4BhSy1DSx5ybF73FzZfr4xqBP7R1
0MFw/uBQR+BZ/2xyO1bh5VB0Q2eSQoCfQ2nBh5bAYRq6Ioy09+3F1maLVdQxlSyg
pwKL6FZHIbPqtJmessoCVwtB6XqYl53IqsG8b/DdL9wqZmSSCgePqezh46uANNJw
q/u3x5t5mK6vMc9rK0nwYN1l8GM9LgOH5IU083+9cfRm/bfD09OlbR9NFQvnpjJC
2N3fQ6rFWRlteIRiAfLtY1UvkaDzS1vpzq2+tYR+MppKJ2bvIXI=
=gWEM
- -----END PGP SIGNATURE-----
- ---------------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-10-26-2 iOS 14.8.1 and iPadOS 14.8.1
iOS 14.8.1 and iPadOS 14.8.1 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212868.
Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to elevate privileges
Description: An integer overflow was addressed through improved input
validation.
CVE-2021-30907: Zweig of Kunlun Lab
ColorSync
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue existed in the processing of
ICC profiles. This issue was addressed with improved input
validation.
CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google
Project Zero
Continuity Camera
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30903: an anonymous researcher
CoreGraphics
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted PDF may lead to arbitrary
code execution
Description: An out-of-bounds write was addressed with improved input
validation.
CVE-2021-30919
GPU Drivers
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: An out-of-bounds write issue was addressed with improved
bounds checking.
CVE-2021-30900: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab
IOMobileFrameBuffer
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges. Apple is aware of a report that this issue may
have been actively exploited.
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30883: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30909: Zweig of Kunlun Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30916: Zweig of Kunlun Lab
Sidecar
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30903: an anonymous researcher
Status Bar
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to view restricted content from the Lock
Screen
Description: A Lock Screen issue was addressed with improved state
management.
CVE-2021-30918: videosdebarraquito
Voice Control
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30902: 08Tc3wBB of ZecOps Mobile EDR Team
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious website using Content Security Policy reports may
be able to leak information via redirect behavior
Description: An information leakage issue was addressed.
CVE-2021-30888: Prakash (@1lastBr3ath)
Additional recognition
WebKit
We would like to acknowledge Ivan Fratric of Google Project Zero for
their assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About
* The version after applying this update will be "14.8.1"
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4gJYACgkQeC9qKD1p
rhhSpg/+O5wkoXNca5mbKH1Ihoj6/Yik5DMwDk458Fi5/42Kn690wsuFIEvhsgZ8
rhCzrgiKctj+R8QI73NH2UiTxduw75iTBhtgQ046A0PQUFrUrjCkCeDCjHSpmVBX
wvq5m7t9ndex6Y1eaql2FGO27YISk6N+tq5svGqXvCtNBrN+MXPGttl8cbeeFmkX
COlWko+86OK8HzrdOyR/nJvENemub8VqPuOQ2CD8DJCWedPDYfHY6AYHJ56c/JN3
UTMng6I2a85mzIGkw4Skyjlxcn+btytxaxgvodhhKiIr1l7oPzVSvn1d1yjjl/zH
kI0YQS4pEJwyCtrg7/Xxc4kDIE02Uo9KOL8EZOygrrToM/jyA/ZlDIfXqNmVBIVK
JY3qhY0FJ/TL1H5iuhI4MEnIqs7WWWi4bZXf7OEflh6nP9xf91tDk9tQMcVlbRYc
0TDo7PwuJJntCb9MCKBi2C01pG0UxAiWR8IBV6DPhQwRSuZkIViTQzKsh8fBVgub
Jv464wQDwmUcRbF+l2hmZZ4BQq0X7IBc0P0Z49NDETjJ7oJJU3sAIS9yw3mIFqPu
ES9ATculBWlanXDAbK5kPCBHyHHuYm5RM7AzCNGWIUZRgnboLvKcRrp59tJltyjW
+nIkVQol7E8gH38/Zrbejyq//68JV2YeY5AM+NnOj3+BOIDggvA=
=PGlV
- -----END PGP SIGNATURE-----
- -------------------------------------------------------------
- -----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
APPLE-SA-2021-10-26-9 Additional information for
APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15
iOS 15 and iPadOS 15 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212814.
Accessory Manager
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A memory consumption issue was addressed with improved
memory handling.
CVE-2021-30837: Siddharth Aeri (@b1n4r1b01)
AppleMobileFileIntegrity
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to read sensitive information
Description: This issue was addressed with improved checks.
CVE-2021-30811: an anonymous researcher working with Compartir
Apple Neural Engine
Available for devices with Apple Neural Engine: iPhone 8 and later,
iPad Pro (3rd generation) and later, iPad Air (3rd generation) and
later, and iPad mini (5th generation)
Impact: A malicious application may be able to execute arbitrary code
with system privileges on devices with an Apple Neural Engine
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30838: proteas wang
bootp
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A device may be passively tracked by its WiFi MAC address
Description: A user privacy issue was addressed by removing the
broadcast MAC address.
CVE-2021-30866: Fabien Duchêne of UCLouvain (Belgium)
Entry added October 25, 2021
CoreAudio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a malicious audio file may result in unexpected
application termination or arbitrary code execution
Description: A logic issue was addressed with improved state
management.
CVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab
Entry added October 25, 2021
CoreML
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to cause unexpected application
termination or arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30825: hjy79425575 working with Trend Micro Zero Day
Initiative
Face ID
Available for devices with Face ID: iPhone X, iPhone XR, iPhone XS
(all models), iPhone 11 (all models), iPhone 12 (all models), iPad
Pro (11-inch), and iPad Pro (3rd generation)
Impact: A 3D model constructed to look like the enrolled user may be
able to authenticate via Face ID
Description: This issue was addressed by improving Face ID anti-
spoofing models.
CVE-2021-30863: Wish Wu of Ant-financial Light-Year
Security Lab
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker with physical access to a device may be able to
see private contact information
Description: The issue was addressed with improved permissions logic.
CVE-2021-30816: Atharv (@atharv0x0)
Entry added October 25, 2021
FaceTime
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application with microphone permission may unexpectedly
access microphone input during a FaceTime call
Description: A logic issue was addressed with improved validation.
CVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime
Entry added October 25, 2021
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted font may result in the
disclosure of process memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab
Entry added October 25, 2021
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted dfont file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab
CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab
Foundation
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved
memory handling.
CVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab
Entry added October 25, 2021
iCloud Photo Library
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to access photo metadata
without needing permission to access photos
Description: The issue was addressed with improved authentication.
CVE-2021-30867: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 25, 2021
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A memory corruption issue was addressed with improved
input validation.
CVE-2021-30814: hjy79425575
Entry added October 25, 2021
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30835: Ye Zhang of Baidu Security
CVE-2021-30847: Mike Zhang of Pangu Lab
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A race condition was addressed with improved locking.
CVE-2021-30857: Zweig of Kunlun Lab
libexpat
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: This issue was addressed by updating expat to version
2.4.1.
CVE-2013-0340: an anonymous researcher
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30819: Apple
NetworkExtension
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A VPN configuration may be installed by an app without user
permission
Description: An authorization issue was addressed with improved state
management.
CVE-2021-30874: Javier Vieira Boccardo (linkedin.com/javier-vieira-
boccardo)
Entry added October 25, 2021
Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to access restricted files
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Preferences
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A sandboxed process may be able to circumvent sandbox
restrictions
Description: A logic issue was addressed with improved state
management.
CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020)
of Tencent Security Xuanwu Lab (xlab.tencent.com)
Quick Look
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Previewing an html file attached to a note may unexpectedly
contact remote servers
Description: A logic issue existed in the handling of document loads.
This issue was addressed with improved state management.
CVE-2021-30870: Saif Hamed Al Hinai Oman CERT
Entry added October 25, 2021
Sandbox
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to modify protected parts
of the file system
Description: This issue was addressed with improved checks.
CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security
Entry added October 25, 2021
Siri
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to view contacts from the lock
screen
Description: A lock screen issue allowed access to contacts on a
locked device. This issue was addressed with improved state
management.
CVE-2021-30815: an anonymous researcher
Telephony
Available for: iPhone SE (1st generation), iPad Pro 12.9-inch, iPad
Air 2, iPad (5th generation), and iPad mini 4
Impact: In certain situations, the baseband would fail to enable
integrity and ciphering protection
Description: A logic issue was addressed with improved state
management.
CVE-2021-30826: CheolJun Park, Sangwook Bae and BeomSeok Oh of KAIST
SysSec Lab
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Visiting a maliciously crafted website may reveal a user's
browsing history
Description: The issue was resolved with additional restrictions on
CSS compositing.
CVE-2021-30884: an anonymous researcher
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A type confusion issue was addressed with improved state
handling.
CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30809: an anonymous researcher
Entry added October 25, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30846: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption issue was addressed with improved
memory handling.
CVE-2021-30848: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30849: Sergei Glazunov of Google Project Zero
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to code
execution
Description: A memory corruption vulnerability was addressed with
improved locking.
CVE-2021-30851: Samuel Gross of Google Project Zero
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in physical proximity may be able to force a user
onto a malicious Wi-Fi network during device setup
Description: An authorization issue was addressed with improved state
management.
CVE-2021-30810: an anonymous researcher
Additional recognition
Assets
We would like to acknowledge Cees Elzinga for their assistance.
Bluetooth
We would like to acknowledge an anonymous researcher for their
assistance.
File System
We would like to acknowledge Siddharth Aeri (@b1n4r1b01) for their
assistance.
Sandbox
We would like to acknowledge Csaba Fitzl (@theevilbit) of Offensive
Security for their assistance.
UIKit
We would like to acknowledge an anonymous researcher for their
assistance.
Installation note:
This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/
iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.
To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About
* The version after applying this update will be "15"
Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222
This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/
- -----BEGIN PGP SIGNATURE-----
iQIzBAEBCAAdFiEEePiLW1MrMjw19XzoeC9qKD1prhgFAmF4hy0ACgkQeC9qKD1p
rhiHNRAAwUaVHgd+whk6qGBZ3PYqSbvvuuo00rLW6JIqv9dwpEh9BBD//bSsUppb
41J5VaNoKDsonTLhXt0Mhn66wmhbGjLneMIoNb7ffl7O2xDQaWAr+HmoUm6wOo48
Kqj/wJGNJJov4ucBA6InpUz1ZevEhaPU4QMNedVck4YSl1GhtSTJsBAzVkMakQhX
uJ1fVdOJ5konmmQJLYxDUo60xqS0sZPchkwCM1zwR/SAZ70pt6P0MGI1Yddjcn1U
loAcKYVgkKAc9RWkXRskR1RxFBGivTI/gy5pDkLxfGfwFecf6PSR7MDki4xDeoVH
5FWXBwga8Uc/afGRqnFwTpdsisRZP8rQFwMam1T/DwgrWD8R2CCn/wOcvbtlWMIv
LczYCJFMELaXOjFF5duXaUJme97567OypYvhjBDtiIPg5MCGhZZCmpbRjkcUBZNJ
YQOELzq6CHWc96mjPOt34B0X2VXGhvgpQ0/evvcQe3bHv0F7N/acAlgsGe+e4Jn8
k0gWZocq+fPnl6YYgZKIGgcZWUl5bdqduApesEtpRU2ug2TE+xMOhMZXb1WLawJl
n/OtVHhIjft23r0MGgyWTIHMPe5DRvEPWGI3DS+55JX6XOxSGp9o6xgOAraZR4U6
HO/WbQOwj7SSKbyPxmDTp4OMyFPukbe92WIMh5EpFcILp6GTJqQ=
=lg51
- -----END PGP SIGNATURE-----
- --------------------------END INCLUDED TEXT--------------------
You have received this e-mail bulletin as a result of your organisation's
registration with AusCERT. The mailing list you are subscribed to is
maintained within your organisation, so if you do not wish to continue
receiving these bulletins you should contact your local IT manager. If
you do not know who that is, please send an email to auscert@auscert.org.au
and we will forward your request to the appropriate person.
NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members. As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.
NOTE: This is only the original release of the security bulletin. It may
not be updated when updates to the original are made. If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.
Contact information for the authors of the original document is included
in the Security Bulletin above. If you have any questions or need further
information, please contact them directly.
Previous advisories and external security bulletins can be retrieved from:
https://www.auscert.org.au/bulletins/
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBYXjxReNLKJtyKPYoAQh8HQ/7BzylTBkZ+15epREPvkvqr8FjIP7AA1i0
cPNO15H1c2fdxlOMmPEjTVVbAGrvDXSZL1w5hBJF42g/fJjzeXNZt1LznwcCGj+B
Og67ne/1XF4IDGnAnFoPEVge4YlVlMk+IS/imlEb7gLXF2TZdz04nZNbi0GCtMH6
FLYlrc3F9xLohX86jfRsOtbZuP8ZxQS7S6JKH9NL+kBaLbE8h3sM07fUS5RhuGYa
3bpeAlQ6vPEuxA7y7/vy/9LJSlqq0L6bjMtXNrEvzvzj2gksv9d2D804vZCz13G/
HtIYxYqgwAG1qu9n7BC5gB0E5OFI7s4LjHMPPy2V0j9rBQQv3wbqJTcvCRqQFw90
R0mSGv3FxrjHT0LTEovoc3mH07V17uP3vvgvtwFylgNjTfjSZQ4GlKoJz2k3Harm
hKVtVIDz0b77fhuhhl9DX7NG5r8ilPhtfpgxT+VBKyQj1/PLZN5WRLE7EIV9KHPO
3G49gdZ7aNNCVQeXRByCSbrv+tm7D1AR4QmElVGLYThhQ+eRWN2OvFDZl2WOZRyn
XdzRk/oT0DflLDxN9Ua34uWBnwjql4WVZ1YVIvkGAJv0QNMMEUjzS6G1SKZmCOdh
Hx7Vk2oqvdju6gAmpr8nvGPrVHXipi4LCkbBFBKpvkFm5UQZwymHXTKfny6FcPva
oeG2K4vyXZs=
=/Bgo
-----END PGP SIGNATURE-----