===========================================================================
             AUSCERT External Security Bulletin Redistribution

                               ESB-2021.0352
             APPLE-SA-2021-02-01-2 Additional information for
              APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4
                              2 February 2021

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:           iOS 14.4
                   iPadOS 14.4
Publisher:         Apple
Operating System:  Apple iOS
Impact/Access:     Root Compromise                 -- Existing Account            
                   Execute Arbitrary Code/Commands -- Remote with User Interaction
                   Modify Arbitrary Files          -- Existing Account            
                   Create Arbitrary Files          -- Existing Account            
                   Denial of Service               -- Remote with User Interaction
                   Access Confidential Data        -- Existing Account            
                   Unauthorised Access             -- Remote with User Interaction
                   Reduced Security                -- Unknown/Unspecified         
Resolution:        Patch/Upgrade
CVE Names:         CVE-2021-1871 CVE-2021-1870 CVE-2021-1818
                   CVE-2021-1801 CVE-2021-1799 CVE-2021-1797
                   CVE-2021-1796 CVE-2021-1795 CVE-2021-1794
                   CVE-2021-1793 CVE-2021-1792 CVE-2021-1791
                   CVE-2021-1789 CVE-2021-1788 CVE-2021-1787
                   CVE-2021-1786 CVE-2021-1785 CVE-2021-1783
                   CVE-2021-1782 CVE-2021-1781 CVE-2021-1780
                   CVE-2021-1778 CVE-2021-1776 CVE-2021-1773
                   CVE-2021-1772 CVE-2021-1769 CVE-2021-1768
                   CVE-2021-1767 CVE-2021-1766 CVE-2021-1764
                   CVE-2021-1763 CVE-2021-1762 CVE-2021-1761
                   CVE-2021-1760 CVE-2021-1759 CVE-2021-1758
                   CVE-2021-1757 CVE-2021-1756 CVE-2021-1753
                   CVE-2021-1750 CVE-2021-1748 CVE-2021-1747
                   CVE-2021-1746 CVE-2021-1745 CVE-2021-1744
                   CVE-2021-1743 CVE-2021-1741 

Reference:         ESB-2021.0349
                   ESB-2021.0300
                   ESB-2021.0299
                   ESB-2021.0298

Original Bulletin: 
   https://support.apple.com/HT212146

Comment: Apple is aware of a report that CVE-2021-1871, CVE-2021-1870 and CVE-2021-1782
         may have been actively exploited.

--------------------------BEGIN INCLUDED TEXT--------------------

iOS 14.4 and iPadOS 14.4

Released January 26, 2021

Analytics

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause a denial of service

Description: This issue was addressed with improved checks.

CVE-2021-1761: Cees Elzinga

Entry added February 1, 2021

APFS

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A local user may be able to read arbitrary files

Description: The issue was addressed with improved permissions logic.

CVE-2021-1797: Thomas Tempelmann

Entry added February 1, 2021

Bluetooth

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause arbitrary code execution

Description: An out-of-bounds read was addressed with improved input
validation.

CVE-2021-1794: Jianjun Dai of 360 Alpha Lab

Entry added February 1, 2021

Bluetooth

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause arbitrary code execution

Description: An out-of-bounds write was addressed with improved input
validation.

CVE-2021-1795: Jianjun Dai of 360 Alpha Lab

CVE-2021-1796: Jianjun Dai of 360 Alpha Lab

Entry added February 1, 2021

Bluetooth

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: An attacker in a privileged position may be able to perform a denial of
service attack

Description: A memory initialization issue was addressed with improved memory
handling.

CVE-2021-1780: Jianjun Dai of 360 Alpha Lab

Entry added February 1, 2021

CoreAnimation

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A malicious application could execute arbitrary code leading to
compromise of user information

Description: A memory corruption issue was addressed with improved state
management.

CVE-2021-1760: @S0rryMybad of 360 Vulcan Team

Entry added February 1, 2021

CoreAudio

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to code execution

Description: An out-of-bounds write was addressed with improved input
validation.

CVE-2021-1747: JunDong Xie of Ant Security Light-Year Lab

Entry added February 1, 2021

CoreGraphics

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted font file may lead to arbitrary code
execution

Description: An out-of-bounds write issue was addressed with improved bounds
checking.

CVE-2021-1776: Ivan Fratric of Google Project Zero

Entry added February 1, 2021

CoreMedia

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code
execution

Description: An out-of-bounds read was addressed with improved input
validation.

CVE-2021-1759: Hou JingYi (@hjy79425575) of Qihoo 360 CERT

Entry added February 1, 2021

CoreText

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted text file may lead to arbitrary code
execution

Description: A stack overflow was addressed with improved input validation.

CVE-2021-1772: Mickey Jin of Trend Micro

Entry added February 1, 2021

CoreText

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-1792: Mickey Jin & Junzhi Lu of Trend Micro

Entry added February 1, 2021

Crash Reporter

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A local user may be able to create or modify system files

Description: A logic issue was addressed with improved state management.

CVE-2021-1786: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added February 1, 2021

Crash Reporter

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A local attacker may be able to elevate their privileges

Description: Multiple issues were addressed with improved logic.

CVE-2021-1787: James Hutchins

Entry added February 1, 2021

FairPlay

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A malicious application may be able to disclose kernel memory

Description: An out-of-bounds read issue existed that led to the disclosure of
kernel memory. This was addressed with improved input validation.

CVE-2021-1791: Junzhi Lu (@pwn0rz), Qi Sun & Mickey Jin of Trend Micro

Entry added February 1, 2021

FontParser

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-1758: Peter Nguyen of STAR Labs

Entry added February 1, 2021

ImageIO

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to a denial of service

Description: A logic issue was addressed with improved state management.

CVE-2021-1773: Xingwei Lin of Ant Security Light-Year Lab

Entry added February 1, 2021

ImageIO

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to a denial of service

Description: This issue was addressed with improved checks.

CVE-2021-1766: Danny Rosseau of Carve Systems

Entry added February 1, 2021

ImageIO

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code
execution

Description: An out-of-bounds read was addressed with improved input
validation.

CVE-2021-1785: Xingwei Lin of Ant Security Light-Year Lab

Entry added February 1, 2021

ImageIO

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code
execution

Description: An out-of-bounds write was addressed with improved input
validation.

CVE-2021-1744: Xingwei Lin of Ant Security Light-Year Lab

Entry added February 1, 2021

ImageIO

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause unexpected application
termination or arbitrary code execution

Description: A logic issue was addressed with improved state management.

CVE-2021-1818: Xingwei Lin from Ant-Financial Light-Year Security Lab

Entry added February 1, 2021

ImageIO

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code
execution

Description: This issue was addressed with improved checks.

CVE-2021-1746: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin & Qi
Sun of Trend Micro

CVE-2021-1793: Xingwei Lin of Ant Security Light-Year Lab

Entry added February 1, 2021

ImageIO

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code
execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-1741: Xingwei Lin of Ant Security Light-Year Lab

CVE-2021-1743: Xingwei Lin of Ant Security Light-Year Lab, and Mickey Jin &
Junzhi Lu of Trend Micro

Entry added February 1, 2021

ImageIO

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to a denial of service

Description: An out-of-bounds read issue existed in the curl. This issue was
addressed with improved bounds checking.

CVE-2021-1778: Xingwei Lin of Ant Security Light-Year Lab

Entry added February 1, 2021

ImageIO

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code
execution

Description: An access issue was addressed with improved memory management.

CVE-2021-1783: Xingwei Lin of Ant Security Light-Year Lab

Entry added February 1, 2021

IOSkywalkFamily

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A local attacker may be able to elevate their privileges

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-1757: Proteas and Pan ZhenPeng (@Peterpan0927) of Alibaba Security

Entry added February 1, 2021

iTunes Store

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted URL may lead to arbitrary JavaScript
code execution

Description: A validation issue was addressed with improved input sanitization.

CVE-2021-1748: CodeColorist of Ant-Financial Light-Year Labs

Entry added February 1, 2021

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause a denial of service

Description: A use after free issue was addressed with improved memory
management.

CVE-2021-1764: Maxime Villard (@m00nbsd)

Entry added February 1, 2021

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel
privileges

Description: Multiple issues were addressed with improved logic.

CVE-2021-1750: @0xalsr

Entry added February 1, 2021

Kernel

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A malicious application may be able to elevate privileges. Apple is
aware of a report that this issue may have been actively exploited.

Description: A race condition was addressed with improved locking.

CVE-2021-1782: an anonymous researcher

Messages

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A malicious application may be able to leak sensitive user information

Description: A privacy issue existed in the handling of Contact cards. This was
addressed with improved state management.

CVE-2021-1781: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added February 1, 2021

Model I/O

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted USD file may lead to unexpected
application termination or arbitrary code execution

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2021-1763: Mickey Jin of Trend Micro

Entry added February 1, 2021

Model I/O

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted USD file may lead to unexpected
application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-1768: Mickey Jin & Junzhi Lu of Trend Micro

Entry added February 1, 2021

Model I/O

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted USD file may lead to unexpected
application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved input
validation.

CVE-2021-1745: Mickey Jin & Junzhi Lu of Trend Micro

Entry added February 1, 2021

Model I/O

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted USD file may lead to unexpected
application termination or arbitrary code execution

Description: An out-of-bounds write was addressed with improved input
validation.

CVE-2021-1762: Mickey Jin of Trend Micro

Entry added February 1, 2021

Model I/O

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to heap corruption

Description: This issue was addressed with improved checks.

CVE-2021-1767: Mickey Jin & Junzhi Lu of Trend Micro

Entry added February 1, 2021

Model I/O

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code
execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-1753: Mickey Jin of Trend Micro

Entry added February 1, 2021

Phone Keypad

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: An attacker with physical access to a device may be able to see private
contact information

Description: A lock screen issue allowed access to contacts on a locked device.
This issue was addressed with improved state management.

CVE-2021-1756: Ryan Pickren (ryanpickren.com)

Entry added February 1, 2021

Swift

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A malicious attacker with arbitrary read and write capability may be
able to bypass Pointer Authentication

Description: A logic issue was addressed with improved validation.

CVE-2021-1769: CodeColorist of Ant-Financial Light-Year Labs

Entry added February 1, 2021

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code
execution

Description: A use after free issue was addressed with improved memory
management.

CVE-2021-1788: Francisco Alonso (@revskills)

Entry added February 1, 2021

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code
execution

Description: A type confusion issue was addressed with improved state handling.

CVE-2021-1789: @S0rryMybad of 360 Vulcan Team

Entry added February 1, 2021

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: Maliciously crafted web content may violate iframe sandboxing policy

Description: This issue was addressed with improved iframe sandbox enforcement.

CVE-2021-1801: Eliya Stein of Confiant

Entry added February 1, 2021

WebKit

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause arbitrary code execution. Apple
is aware of a report that this issue may have been actively exploited.

Description: A logic issue was addressed with improved restrictions.

CVE-2021-1871: an anonymous researcher

CVE-2021-1870: an anonymous researcher

WebRTC

Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and
later, and iPod touch (7th generation)

Impact: A malicious website may be able to access restricted ports on arbitrary
servers

Description: A port redirection issue was addressed with additional port
validation.

CVE-2021-1799: Gregory Vishnepolsky & Ben Seri of Armis Security, and Samy
Kamkar

Entry added February 1, 2021


Additional recognition

iTunes Store

We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for
their assistance.

Entry added February 1, 2021

Kernel

We would like to acknowledge Junzhi Lu (@pwn0rz), Mickey Jin & Jesse Change of
Trend Micro for their assistance.

Entry added February 1, 2021

libpthread

We would like to acknowledge CodeColorist of Ant-Financial Light-Year Labs for
their assistance.

Entry added February 1, 2021

Mail

We would like to acknowledge Yiğit Can YILMAZ (@yilmazcanyigit) and an
anonymous researcher for their assistance.

Entry added February 1, 2021

Store Demo

We would like to acknowledge @08Tc3wBB for their assistance.

Entry added February 1, 2021

WebRTC

We would like to acknowledge Philipp Hancke for their assistance.

Entry added February 1, 2021

Wi-Fi

We would like to acknowledge an anonymous researcher for their assistance.

Entry added February 1, 2021

Information about products not manufactured by Apple, or independent websites
not controlled or tested by Apple, is provided without recommendation or
endorsement. Apple assumes no responsibility with regard to the selection,
performance, or use of third-party websites or products. Apple makes no
representations regarding third-party website accuracy or reliability. Contact
the vendor for additional information.

Published Date: February 01, 2021

--------------------------END INCLUDED TEXT--------------------

NOTE: Third Party Rights
This security bulletin is provided as a service to AusCERT's members.  As
AusCERT did not write the document quoted above, AusCERT has had no control
over its content. The decision to follow or act on information or advice
contained in this security bulletin is the responsibility of each user or
organisation, and should be considered in accordance with your organisation's
site policies and procedures. AusCERT takes no responsibility for consequences
which may arise from following or acting on information or advice contained in
this security bulletin.

NOTE: This is only the original release of the security bulletin.  It may
not be updated when updates to the original are made.  If downloading at
a later date, it is recommended that the bulletin is retrieved directly
from the author's website to ensure that the information is still current.

Contact information for the authors of the original document is included
in the Security Bulletin above.  If you have any questions or need further
information, please contact them directly.

Previous advisories and external security bulletins can be retrieved from:

        https://www.auscert.org.au/bulletins/

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================