CVE-2021-30713

Warnung

EPSS 0.14%
Veröffentlicht 08.09.2021 15:15:15
Zuletzt bearbeitet 28.02.2025 14:44:48
Quelle product-security@apple.com
Teams Watchlist Login
Unerledigt Login

A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..

Betroffene Produkte Warnungen 1 Metriken 4 CWE 2 Referenzen 6

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ macOS X Version >= 10.15 <= 10.15.7

Apple ≫ macOS X Version10.15.7 Update-

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-005

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-007

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-002

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-003

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-004

Apple ≫ macOS Version < 11.4

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple macOS Unspecified Vulnerability

Schwachstelle

Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.14%	0.351

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

http://seclists.org/fulldisclosure/2021/Sep/40

Third Party Advisory

Mailing List

https://support.apple.com/kb/HT212805

Vendor Advisory

Release Notes

https://support.apple.com/en-us/HT212529

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-30713

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-30713

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-30713

EUVD