CVE-2021-30943

Published: Aug 24, 2021Modified: Nov 21, 2024

4.3

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

Exploitability: 2.8 / Impact: 1.4

Source: NVD

Description

An issue in the handling of group membership was resolved with improved logic. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1. A malicious user may be able to leave a messages group but continue to receive messages in that group.

Affected (4)

Products: Apple: Ipados, Iphone Os, Macos, Watchos

4 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 15.2
Apple Iphone Os	Before 15.2
Apple Macos	From 12.0.0 to 12.1
Apple Watchos	Before 8.3

Related CWEs

Insufficient Session Expiration

According to WASC, "Insufficient Session Expiration is when a web site permits an attacker to reuse old session credentials or session IDs for authorization."

References (6)

https://support.apple.com/en-us/HT212975

Source: product-security@apple.com

https://support.apple.com/en-us/HT212976

Source: product-security@apple.com

https://support.apple.com/en-us/HT212978

Source: product-security@apple.com

https://support.apple.com/en-us/HT212975

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/en-us/HT212976

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/en-us/HT212978

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.