CVE-2021-30786 - OpenCVE

A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution.

Attack Vector Local

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:H/Au:N/C:P/I:P/A:P

Vendors & Products
CPE Configurations

Vendors	Products
Apple	Iphone Os Macos

Configuration 1 [-]

OR	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:macos::::::::

References

Link	Resource
https://support.apple.com/en-us/HT212601	Release Notes Vendor Advisory
https://support.apple.com/en-us/HT212602	Release Notes Vendor Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: apple

Published: 2021-09-08T13:48:56

Updated: 2021-09-08T13:48:56

Reserved: 2021-04-13T00:00:00

Link: CVE-2021-30786

JSON object: View

NVD Information

Status : Analyzed

Published: 2021-09-08T14:15:11.263

Modified: 2021-09-21T14:53:11.100

Link: CVE-2021-30786

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"containers": {"cna": {"affected": [{"product": "iOS", "vendor": "Apple", "versions": [{"lessThan": "14.7", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "11.5", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution."}], "problemTypes": [{"descriptions": [{"description": "Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-09-08T13:48:56", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212601"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212602"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2021-30786", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "iOS", "version": {"version_data": [{"version_affected": "<", "version_value": "14.7"}]}}, {"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "11.5"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution"}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT212601", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212601"}, {"name": "https://support.apple.com/en-us/HT212602", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212602"}]}}}}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2021-30786", "datePublished": "2021-09-08T13:48:56", "dateReserved": "2021-04-13T00:00:00", "dateUpdated": "2021-09-08T13:48:56", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "D3AF02B7-BF1F-483A-BA47-9B5B92AF1D29", "versionEndExcluding": "14.7", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "AE66C45C-B3D7-444B-AE70-8EF7A380295E", "versionEndExcluding": "11.5", "versionStartIncluding": "11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "A race condition was addressed with improved state handling. This issue is fixed in iOS 14.7, macOS Big Sur 11.5. Opening a maliciously crafted PDF file may lead to an unexpected application termination or arbitrary code execution."}, {"lang": "es", "value": "Se abord\u00f3 una condici\u00f3n de carrera con un manejo de estado mejorado. Este problema se corrigi\u00f3 en iOS versi\u00f3n 14.7, macOS Big Sur versi\u00f3n 11.5. La apertura de un archivo PDF dise\u00f1ado maliciosamente puede conllevar a una terminaci\u00f3n inesperada de la aplicaci\u00f3n o la ejecuci\u00f3n de c\u00f3digo arbitrario"}], "id": "CVE-2021-30786", "lastModified": "2021-09-21T14:53:11.100", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 5.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.0, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2021-09-08T14:15:11.263", "references": [{"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT212601"}, {"source": "product-security@apple.com", "tags": ["Release Notes", "Vendor Advisory"], "url": "https://support.apple.com/en-us/HT212602"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}