CVE-2021-30883 - 漏洞详情

CVE-2021-30883 (CNNVD-202108-1974)

HIGH

中文标题:

Apple 多款产品缓冲区错误漏洞

英文标题:

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15...

CVSS分数: 7.8

发布时间: 2021-08-24 18:49:47

漏洞类型: 缓冲区错误

状态: PUBLISHED

数据质量分数: 0.30

数据版本: v3

漏洞描述

中文描述:

Apple iOS等都是美国苹果（Apple）公司的产品。Apple iOS是一套为移动设备所开发的操作系统。Apple tvOS是一套智能电视操作系统。Apple watchOS是一套智能手表操作系统。 Apple 多款产品存在缓冲区错误漏洞，应用程序可以利用该漏洞使用内核特权执行任意代码。该漏洞在以下版本中被修复：iOS 15.0.2和iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1和iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1。

英文描述:

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

CWE类型:

CWE-787

受影响产品

厂商	产品	版本	版本范围	平台	CPE
Apple	iOS and iPadOS	-	< 15.0	-	`cpe:2.3:a:apple:ios_and_ipados::::::::`
Apple	macOS	-	< 12.0	-	`cpe:2.3:a:apple:macos::::::::`
apple	ipados	*	-	-	`cpe:2.3:o:apple:ipados::::::::`
apple	iphone_os	*	-	-	`cpe:2.3:o:apple:iphone_os::::::::`
apple	macos	*	-	-	`cpe:2.3:o:apple:macos::::::::`
apple	macos	12.0	-	-	`cpe:2.3:o:apple:macos:12.0:::::::*`
apple	tvos	*	-	-	`cpe:2.3:o:apple:tvos::::::::`
apple	watchos	*	-	-	`cpe:2.3:o:apple:watchos::::::::`

解决方案

中文解决方案:

（暂无数据）

英文解决方案:

（暂无数据）