CISA Known Exploited Vulnerabilities

This dashboard displays the latest vulnerabilities published by the Cybersecurity & Infrastructure Security Agency (CISA).

CVE-2020-27930

Apple Multiple Products Memory Corruption Vulnerability

Vendor: Apple

Product: Multiple Products

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Apple iOS, iPadOS, macOS, and watchOS FontParser contain a memory corruption vulnerability which may allow for code execution when processing a maliciously crafted font.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-787

CVE-2021-30807

Apple Multiple Products Memory Corruption Vulnerability

Vendor: Apple

Product: Multiple Products

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Apple iOS, iPadOS, macOS, and watchOS IOMobileFrameBuffer contain a memory corruption vulnerability which may allow an application to execute code with kernel privileges.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-787

CVE-2020-27950

Apple Multiple Products Memory Initialization Vulnerability

Vendor: Apple

Product: Multiple Products

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Apple iOS, iPadOS, macOS, and watchOS contain a memory initialization vulnerability that may allow a malicious application to disclose kernel memory.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-665

CVE-2020-27932

Apple Multiple Products Type Confusion Vulnerability

Vendor: Apple

Product: Multiple Products

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Apple iOS, iPadOS, macOS, and watchOS contain a type confusion vulnerability that may allow a malicious application to execute code with kernel privileges.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-843

CVE-2020-9818

Apple iOS, iPadOS, and watchOS Out-of-Bounds Write Vulnerability

Vendor: Apple

Product: iOS, iPadOS, and watchOS

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Apple iOS, iPadOS, and watchOS Mail contains an out-of-bounds write vulnerability which may allow memory modification or application termination when processing a maliciously crafted mail message.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-787

CVE-2020-9819

Apple iOS, iPadOS, and watchOS Memory Corruption Vulnerability

Vendor: Apple

Product: iOS, iPadOS, and watchOS

Added: 2021-11-03

Due Date: 2022-05-03

Description:

Apple iOS, iPadOS, and watchOS Mail contains a memory corruption vulnerability that may allow heap corruption when processing a maliciously crafted mail message.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-787

CVE-2021-30762

Apple iOS WebKit Use-After-Free Vulnerability

Vendor: Apple

Product: iOS

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Apple iOS WebKit contains a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-416

CVE-2021-1782

Apple Multiple Products Race Condition Vulnerability

Vendor: Apple

Product: Multiple Products

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Apple iOS, iPadOS, macOS, watchOS, and tvOS contain a race condition vulnerability that may allow a malicious application to elevate privileges.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-362, CWE-667

CVE-2021-1870

Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability

Vendor: Apple

Product: iOS, iPadOS, and macOS

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-1173

CVE-2021-1871

Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability

Vendor: Apple

Product: iOS, iPadOS, and macOS

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-1173

CVE-2021-1879

Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability

Vendor: Apple

Product: iOS, iPadOS, and watchOS

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-79

CVE-2021-30661

Apple Multiple Products WebKit Storage Use-After-Free Vulnerability

Vendor: Apple

Product: Multiple Products

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-416

CVE-2021-30666

Apple iOS WebKit Buffer Overflow Vulnerability

Vendor: Apple

Product: iOS

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Apple iOS WebKit contains a buffer-overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-119

CVE-2021-30713

Apple macOS Unspecified Vulnerability

Vendor: Apple

Product: macOS

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-862

CVE-2021-30657

Apple macOS Unspecified Vulnerability

Vendor: Apple

Product: macOS

Added: 2021-11-03

Due Date: 2021-11-17

Description:

Apple macOS contains an unspecified logic issue in System Preferences that may allow a malicious application to bypass Gatekeeper checks.

Required Action:

Apply updates per vendor instructions.

CWEs:

CWE-862