Security Vulnerabilities - CVEs Published In September 2021
Processing a maliciously crafted image may lead to arbitrary code execution. This issue is fixed in Security Update 2021-002 Catalina, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. An out-of-bounds write issue was addressed with improved bounds checking.
CVSS Score
7.8
EPSS Score
0.005
Published
2021-09-08
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3. Locked Notes content may have been unexpectedly unlocked.
CVSS Score
7.5
EPSS Score
0.003
Published
2021-09-08
A memory initialization issue was addressed with improved memory handling. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A malicious application may be able to disclose kernel memory.
CVSS Score
6.5
EPSS Score
0.005
Published
2021-09-08
An issue existed in determining cache occupancy. The issue was addressed through improved logic. This issue is fixed in macOS Big Sur 11.3. A malicious website may be able to track users by setting state in a cache.
CVSS Score
4.3
EPSS Score
0.003
Published
2021-09-08
Description: A person with physical access may be able to access contacts. This issue is fixed in iOS 14.5 and iPadOS 14.5. Impact: An issue with Siri search access to information was addressed with improved logic.
CVSS Score
2.4
EPSS Score
0.001
Published
2021-09-08
An issue existed with authenticating the action triggered by an NFC tag. The issue was addressed with improved action authentication. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to place phone calls to any phone number.
CVSS Score
2.4
EPSS Score
0.001
Published
2021-09-08
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code.
CVSS Score
9.8
EPSS Score
0.017
Published
2021-09-08
An issue obscuring passwords in screenshots was addressed with improved logic. This issue is fixed in iOS 14.5 and iPadOS 14.5. A user's password may be visible on screen.
CVSS Score
5.0
EPSS Score
0.001
Published
2021-09-08
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, macOS Big Sur 11.3. A malicious application may be able to execute arbitrary code with kernel privileges.
CVSS Score
8.8
EPSS Score
0.004
Published
2021-09-08
A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local attacker may be able to elevate their privileges.
CVSS Score
7.8
EPSS Score
0.001
Published
2021-09-08