CVE-2021-1849

Description

An issue in code signature validation was addressed with improved checks. This issue is fixed in macOS Big Sur 11.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. A malicious application may be able to bypass Privacy preferences.

Related CPE's

o apple ipados ********

o apple iphone_os ********

o apple macos ********

o apple tvos ********

o apple watchos ********

References

https://support.apple.com/en-us/HT212317

Vendor Advisory

https://support.apple.com/en-us/HT212325

Vendor Advisory

https://support.apple.com/en-us/HT212323

Vendor Advisory

https://support.apple.com/en-us/HT212324

Vendor Advisory

CvssV3 impact

BaseSeverity	HIGH
ConfidentialityImpact	HIGH
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	NETWORK
AvailabilityImpact	NONE
IntegrityImpact	NONE
PrivilegesRequired	NONE
BaseScore	7.5
VectorString	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version	3.1
UserInteraction	NONE

CvssV2 impact

AccessComplexity	LOW
ConfidentialityImpact	PARTIAL
AvailabilityImpact	NONE
IntegrityImpact	NONE
BaseScore	5
VectorString	AV:N/AC:L/Au:N/C:P/I:N/A:N
Version	2.0
AccessVector	NETWORK
Authentication	NONE

Created by Yello

About Severity.io