CVE-2021-30860

Description from NVD

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Information Acquisition Date: 2022-08-23T13:06Z
CVSS 2.0: 6.8 MEDIUM
CVSS 3.x: 7.8 HIGH

CVSS3 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

NVD References

 https://support.apple.com/en-us/HT212806
     source:MISC
     tags:Vendor Advisory    
 https://support.apple.com/en-us/HT212807
     source:MISC
     tags:Vendor Advisory    
 https://support.apple.com/en-us/HT212804
     source:MISC
     tags:Vendor Advisory    
 https://support.apple.com/en-us/HT212805
     source:MISC
     tags:Vendor Advisory    
 20210917 APPLE-SA-2021-09-13-2 watchOS 7.6.2
     source:FULLDISC
     tags:Mailing List    Third Party Advisory    
 20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8
     source:FULLDISC
     tags:Mailing List    Third Party Advisory    
 20210917 APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina
     source:FULLDISC
     tags:Mailing List    Third Party Advisory    
 20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6
     source:FULLDISC
     tags:Mailing List    Third Party Advisory    
 20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6
     source:FULLDISC
     tags:Mailing List    Third Party Advisory    
 20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8
     source:FULLDISC
     tags:Mailing List    Third Party Advisory    
 20210921 APPLE-SA-2021-09-20-8 Additional information for APPLE-SA-2021-09-13-4 Security Update 2021-005 Catalina
     source:FULLDISC
     tags:Mailing List    Third Party Advisory    
 https://support.apple.com/kb/HT212824
     source:CONFIRM
     tags:Vendor Advisory    
 20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5
     source:FULLDISC
     tags:Mailing List    Third Party Advisory    

Refer to Information on External Sites

CVE Information    Exploits or more Information
mitre    EXPLOIT DATABASE
NVD    0day.today
vulmon.com    github
CVE Details    Twitter
JVN ENG JPN
Reconshell

Software Tag: Apple (1 tweet)



List of frequently cited URLs

URL    Num of Times Referred to
https://alerts.vulmon.com/?utm_source=twitter&utm_medium=so...    175
https://lists.astaro.com/ASGV9-IPS-rules.html#0    37
https://us-cert.cisa.gov/ncas/current-activity/2021/09/13/a...    12
https://thehackernews.com/2021/09/urgent-apple-ios-and-maco...    8
https://twitter.com/citizenlab/status/1437499628526751760    5
https://www.helpnetsecurity.com/2021/09/14/cve-2021-30860/    5
https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-...    4
https://bit.ly/2WtwYQH    3
https://cyberiqs.com/what-you-need-to-know-about-cve-2021-3...    3
https://www.sans.org/u/1hL5    3
https://citizenlab.ca/2021/09/forcedentry-nso-group-imessag...    3
https://blog.zecops.com/research/the-recent-ios-0-click-cve...    3
https://objective-see.com/blog/blog_0x67.html    3
https://support.apple.com/en-us/HT201222    3
https://www.trendmicro.com/en_us/research/21/i/analyzing-pe...    3
https://research.trendmicro.com/3EnC95Y    3

Information from Twitter

User    URL    Info Source    Date
Sezerhk    https://szrce.medium.com/zero-click-exploit-nso-group-imess...    Source Sezerhk 1646172768709296133    2023/04/13

GitHub Search Results: Up to 10
Name    URL
Levilutz/CVE-2021-30860    https://github.com/Levilutz/CVE-2021-30860
AlAIAL90/CVE-2021-30860    https://github.com/AlAIAL90/CVE-2021-30860

2023/04/13 Score : 0
Added Har-sia Database : 2021/09/14
Last Modified : 2023/04/13
Highest Scored Date : 2021/09/14
Highest Score : 106