CVE-2021-30835

moderate-risk

Published 2021-10-19

This issue was addressed with improved checks. This issue is fixed in Security Update 2021-005 Catalina, iTunes 12.12 for Windows, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing a maliciously crafted image may lead to arbitrary code execution.

Do I need to act?

0.40% chance of exploitation

EPSS score — low exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (17)

Itunes

Ipados

Iphone Os

Mac Os X

Macos

Tvos

Watchos

Affected Vendors

Apple

References (20)

Mailing List http://seclists.org/fulldisclosure/2021/Oct/61

Mailing List http://seclists.org/fulldisclosure/2021/Oct/62

Mailing List http://seclists.org/fulldisclosure/2021/Oct/63

Vendor Advisory https://support.apple.com/en-us/HT212805

Vendor Advisory https://support.apple.com/en-us/HT212814

Vendor Advisory https://support.apple.com/en-us/HT212815

Vendor Advisory https://support.apple.com/en-us/HT212817

Vendor Advisory https://support.apple.com/en-us/HT212819

Vendor Advisory https://support.apple.com/kb/HT212804

Vendor Advisory https://support.apple.com/kb/HT212953