Released May 24, 2021
Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day Initiative
Audio
Available for: iPhone 6s and later, May 24, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th 2021Free Activators Parsing a maliciously crafted May 24 file may lead to disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro
AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation 2021Free Activators later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to cause unexpected system termination or write kernel memory
Description: A race condition was addressed with improved state handling.
CVE-2021-30714: @08Tc3wBB of ZecOps, and George Nosenko
CommCenter
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A device may accept invalid activation results
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30729: CHRISTIAN MINA
Core Services
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)
CoreAudio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted audio file may disclose restricted memory
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30686: Mickey Jin of Trend Micro
CoreText
Available for: iPhone 6s and later, May 24, iPad Pro (all models), 2021Free Activators, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th May 24 An out-of-bounds read was addressed with improved input validation
Description: Processing a maliciously crafted font may result in the disclosure of process memory.
CVE-2021-30733: Sunglin from the Knownsec 404
CVE-2021-30753: Xingwei Lin of Ant Security Light-Year Lab
Entry added July 21, 2021
Crash Reporter
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to modify protected parts of the file system
Description: A logic issue was addressed with improved state management.
CVE-2021-30727: Cees Elzinga
CVMS
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A local attacker may be able to elevate their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) 2021Free Activators Trend Micro
FontParser
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted font file may lead to arbitrary code execution
Description: An out-of-bounds 2021Free Activators was addressed with improved input validation.
CVE-2021-30771: Mickey Jin (@patch1t) of Trend Micro, May 24, CFF of Topsec Alpha Team
Entry added January 19, 2022
Heimdal
Available for: iPhone 6s and later, iPad 2021Free Activators (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A local user may be able to leak sensitive user 2021Free Activators A logic issue was addressed with improved state management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)
Heimdal
Available for: iPhone 6s and later, 2021Free Activators, iPad Pro (all models), May 24, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may cause a denial of service or potentially disclose memory contents
Description: A memory corruption issue was addressed with improved May 24 management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to disclosure of user information
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu May 24 for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted ASTC file may disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security
ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, 2021Free Activators, iPad 5th generation and later, 2021Free Activators, iPad mini 4 and later, and iPod touch (7th generation)
Impact: This issue was addressed with improved checks
Description: Processing a maliciously crafted image may lead to disclosure of user information.
CVE-2021-30706: Anonymous working with Trend Micro Zero Day Initiative, Jzhu working with Trend Micro Zero Day Initiative
Entry added July 21, 2021
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may disclose restricted memory
Description: This issue was addressed with improved checks.
CVE-2021-30674: Siddharth Aeri (@b1n4r1b01)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, 2021Free Activators, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A logic issue was addressed with improved state management.
CVE-2021-30704: an anonymous researcher
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), May 24, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted message may lead to a denial of service
Description: A logic issue was addressed with improved May 24 management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with kernel privileges
Description: A buffer overflow was addressed with improved size validation.
CVE-2021-30736: Ian Beer of Google Project Zero
Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A 2021Free Activators free issue was addressed with improved memory management
Description: An application may be able to execute arbitrary code with kernel privileges.
CVE-2021-30703: an anonymous researcher
Entry added July 21, 2021
LaunchServices
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to break out of its sandbox
Description: This issue was addressed with improved environment sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)
Mail
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination
Description: A use after free issue was addressed with improved memory management.
CVE-2021-30741: SYMaster of ZecOps Mobile EDR Team
MediaRemote
Available for: iPhone 6s and later, iPad Pro (all models), May 24 Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A privacy issue in Now Playing was addressed with improved permissions
Description: A local attacker may be able to view Now Playing information from the lock screen.
CVE-2021-30756: Ricky D'Amelio, Jatayu Holznagel (@jholznagel)
Entry added July 21, 2021
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may May 24 memory contents
Description: An information disclosure issue was addressed with improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: iPhone 6s and later, iPad Pro 2021Free Activators models), iPad Air 2 and later, iPad 5th generation and later, iPad May 24 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: An out-of-bounds read was addressed with improved bounds checking.
CVE-2021-30695: May 24 Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input validation.
CVE-2021-30708: Mickey Jin iobit uninstaller 8.5.0.6 key Free Activators & Junzhi Lu (@pwn0rz) of Trend Micro
Model I/O
Available for: May 24 6s and later, May 24 Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro
Networking
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Visiting a maliciously crafted webpage may lead to a system denial of service
Description: A logic issue was addressed with improved state management.
CVE-2021-1821: Georgi Valkov (httpstorm.com)
Entry added January 19, 2022
Notes
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A user may be able to view restricted content from the lockscreen
Description: A window management issue was wonderfox dvd video converter 15.1 license key with improved state management.
CVE-2021-30699: videosdebarraquito
Safari
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A user may be unable to fully delete browsing history
Description: The issue was addressed with improved permissions logic.
CVE-2021-30999: an anonymous researcher
Entry added May 25, 2022
Security
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code.
CVE-2021-30737: xerub
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins.
CVE-2021-30744: Dan Hite of jsontop
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), May 24, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A use after free issue May 24 addressed with improved memory management.
CVE-2021-21779: Marcin Towalski of Cisco Talos
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, May 24, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: Prakash (@1lastBr3ath)
Entry updated on July 21, 2021
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to universal cross site scripting
Description: A logic issue was addressed with improved state management.
CVE-2021-30689: an anonymous researcher
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: Multiple memory corruption issues were addressed with improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems) iobit disk defrag crack Free Activators with Trend Micro Zero Day Initiative
WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A malicious website may be able to access restricted ports on arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)
WebRTC
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 2021Free Activators later, iPad 5th generation and later, 2021Free Activators, iPad mini 4 and later, and iPod touch (7th generation)
Impact: A remote attacker may be able 2021Free Activators cause a denial of service
Description: A null pointer dereference was addressed with improved input validation.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google
Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, 2021Free Activators, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
Impact: An attacker in WiFi range may be able to force a client to use a less secure authentication mechanism
Description: A logic issue was addressed with improved validation.
CVE-2021-30667: Raul Siles of DinoSec (@dinosec)
0 Comments