CVE-2021-31000

Published: Aug 24, 2021Modified: Nov 21, 2024

3.3

Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N

Exploitability: 1.8 / Impact: 1.4

Source: NVD

Description

A permissions issue was addressed with improved validation. This issue is fixed in iOS 15.2 and iPadOS 15.2, watchOS 8.3, macOS Monterey 12.1, tvOS 15.2. A malicious application may be able to read sensitive contact information.

Affected (5)

Products: Apple: Ipados, Iphone Os, Macos, Tvos, Watchos

5 products

Configuration A

5 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 15.2
Apple Iphone Os	Before 15.2
Apple Macos	From 12.0.0 to 12.1
Apple Tvos	Before 15.2
Apple Watchos	Before 8.3

Related CWEs

CWE-276

Incorrect Default Permissions

During installation, installed file permissions are set to allow anyone to modify those files.

References (8)

https://support.apple.com/en-us/HT212975

Source: product-security@apple.com

https://support.apple.com/en-us/HT212976

Source: product-security@apple.com

https://support.apple.com/en-us/HT212978

Source: product-security@apple.com

https://support.apple.com/en-us/HT212980

Source: product-security@apple.com

https://support.apple.com/en-us/HT212975

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/en-us/HT212976

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/en-us/HT212978

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/en-us/HT212980

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.