CVE-2021-31010 — HIGH (7.5)

Q: How severe is CVE-2021-31010?

CVE-2021-31010 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2021-31010?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Ipados, Apple Iphone Os, Apple Mac Os X, Apple Macos, Apple Watchos.

Vulnerability Description

A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release..

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

HIGH

Availability

NONE

Affected Products

Vendor	Product	Versions
Apple	Ipados	< 14.8
Apple	Iphone Os	>= 12.0, < 12.5.5
Apple	Mac Os X	>= 10.15, < 10.15.7
Apple	Macos	>= 11.0, < 11.6
Apple	Watchos	< 7.6.2

Related Weaknesses (CWE)

CWE-502

References

https://support.apple.com/en-us/HT212804Vendor Advisory
https://support.apple.com/en-us/HT212805Vendor Advisory
https://support.apple.com/en-us/HT212806Vendor Advisory
https://support.apple.com/en-us/HT212807Vendor Advisory
https://support.apple.com/en-us/HT212824Vendor Advisory
https://support.apple.com/en-us/HT212804Vendor Advisory
https://support.apple.com/en-us/HT212805Vendor Advisory
https://support.apple.com/en-us/HT212806Vendor Advisory
https://support.apple.com/en-us/HT212807Vendor Advisory
https://support.apple.com/en-us/HT212824Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-US Government Resource

FAQ

What is CVE-2021-31010?

CVE-2021-31010 is a vulnerability with a CVSS score of 7.5 (HIGH). A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A ...

How severe is CVE-2021-31010?

CVE-2021-31010 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2021-31010?

Check the references section above for vendor advisories and patch information. Affected products include: Apple Ipados, Apple Iphone Os, Apple Mac Os X, Apple Macos, Apple Watchos.