| # |
CVE ID
|
CWE ID
|
# of Exploits
|
Vulnerability Type(s)
|
Publish Date
|
Update Date
|
Score
|
Gained Access Level
|
Access
|
Complexity
|
Authentication
|
Conf.
|
Integ.
|
Avail.
|
|
1 |
CVE-2010-1029 |
399 |
2
|
DoS Exec Code |
2010-03-19 |
2019-09-26 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Stack consumption vulnerability in the WebCore::CSSSelector function in WebKit, as used in Apple Safari 4.0.4, Apple Safari on iPhone OS and iPhone OS for iPod touch, and Google Chrome 4.0.249, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a STYLE element composed of a large number of *> sequences. |
|
2 |
CVE-2014-8826 |
19 |
1
|
Bypass |
2015-01-30 |
2020-07-17 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
LaunchServices in Apple OS X before 10.10.2 does not properly handle file-type metadata, which allows attackers to bypass the Gatekeeper protection mechanism via a crafted JAR archive. |
|
3 |
CVE-2013-6114 |
190 |
1
|
DoS Overflow |
2013-11-04 |
2016-09-30 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Integer overflow in the OZDocument::parseElement function in Apple Motion 5.0.7 allows remote attackers to cause a denial of service (application crash) via a (1) large or (2) small value in the subview attribute of a viewer element in a .motn file. |
|
4 |
CVE-2009-3272 |
399 |
1
|
DoS |
2009-09-21 |
2017-09-19 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
Stack consumption vulnerability in WebKit.dll in WebKit in Apple Safari 3.2.3, and possibly other versions before 4.1.2, allows remote attackers to cause a denial of service (application crash) via JavaScript code that calls eval on a long string composed of A/ sequences. |
|
5 |
CVE-2022-26773 |
|
|
|
2022-05-26 |
2022-06-07 |
5.8 |
None |
Remote |
Medium |
Not required |
None |
Partial |
Partial |
|
A logic issue was addressed with improved state management. This issue is fixed in iTunes 12.12.4 for Windows. An application may be able to delete files for which it does not have permission. |
|
6 |
CVE-2022-26751 |
787 |
|
Exec Code Mem. Corr. |
2022-05-26 |
2022-06-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A memory corruption issue was addressed with improved input validation. This issue is fixed in iTunes 12.12.4 for Windows, iOS 15.5 and iPadOS 15.5, Security Update 2022-004 Catalina, macOS Big Sur 11.6.6, macOS Monterey 12.4. Processing a maliciously crafted image may lead to arbitrary code execution. |
|
7 |
CVE-2022-26748 |
787 |
|
Exec Code |
2022-05-26 |
2022-06-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An out-of-bounds write issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
8 |
CVE-2022-26747 |
|
|
+Priv |
2022-05-26 |
2022-06-07 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
This issue was addressed with improved checks. This issue is fixed in Xcode 13.4. An app may be able to gain elevated privileges. |
|
9 |
CVE-2022-26743 |
787 |
|
Exec Code |
2022-05-26 |
2022-06-07 |
6.9 |
None |
Local |
Medium |
Not required |
Complete |
Complete |
Complete |
|
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in macOS Monterey 12.4. An attacker that has already achieved code execution in macOS Recovery may be able to escalate to kernel privileges. |
|
10 |
CVE-2022-26725 |
|
|
|
2022-05-26 |
2022-06-07 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.4. Photo location information may persist after it is removed with Preview Inspector. |
|
11 |
CVE-2022-26718 |
125 |
|
+Priv |
2022-05-26 |
2022-06-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in macOS Monterey 12.4, macOS Big Sur 11.6.6. An application may be able to gain elevated privileges. |
|
12 |
CVE-2022-26704 |
59 |
|
+Priv |
2022-05-26 |
2022-06-08 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A validation issue existed in the handling of symlinks and was addressed with improved validation of symlinks. This issue is fixed in macOS Monterey 12.4. An app may be able to gain elevated privileges. |
|
13 |
CVE-2022-26698 |
125 |
|
|
2022-05-26 |
2022-06-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An out-of-bounds read issue was addressed with improved bounds checking. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
|
14 |
CVE-2022-26697 |
125 |
|
|
2022-05-26 |
2022-06-08 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An out-of-bounds read issue was addressed with improved input validation. This issue is fixed in Security Update 2022-004 Catalina, macOS Monterey 12.4, macOS Big Sur 11.6.6. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
|
15 |
CVE-2022-26694 |
|
|
|
2022-05-26 |
2022-06-03 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data. |
|
16 |
CVE-2022-26693 |
|
|
|
2022-05-26 |
2022-06-03 |
6.4 |
None |
Remote |
Low |
Not required |
Partial |
Partial |
None |
|
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.4. A plug-in may be able to inherit the application's permissions and access user data. |
|
17 |
CVE-2022-24668 |
|
|
DoS |
2022-02-09 |
2022-02-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A program using swift-nio-http2 is vulnerable to a denial of service attack caused by a network peer sending ALTSVC or ORIGIN frames. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error after frame parsing but before frame handling. ORIGIN and ALTSVC frames are not currently supported by swift-nio-http2, and should be ignored. However, one code path that encounters them has a deliberate trap instead. This was left behind from the original development process and was never removed. Sending an ALTSVC or ORIGIN frame does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send one of these frames. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send these frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself. This is a controlled, intentional crash. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. |
|
18 |
CVE-2022-24667 |
190 |
|
DoS Overflow |
2022-02-09 |
2022-02-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HPACK-encoded header block. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. There are a number of implementation errors in the parsing of HPACK-encoded header blocks that allow maliciously crafted HPACK header blocks to cause crashes in processes using swift-nio-http2. Each of these crashes is triggered instead of an integer overflow. A malicious HPACK header block could be sent on any of the HPACK-carrying frames in a HTTP/2 connection (HEADERS and PUSH_PROMISE), at any position. Sending a HPACK header block does not require any special permission, so any HTTP/2 connection peer may send one. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted field block. The impact on availability is high: receiving a frame carrying this field block immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted field blocks, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the field block in memory-safe code and the crash is triggered instead of an integer overflow. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle all conditions in the function. The principal issue was found by automated fuzzing by oss-fuzz, but several associated bugs in the same code were found by code audit and fixed at the same time |
|
19 |
CVE-2022-24666 |
|
|
DoS |
2022-02-09 |
2022-02-22 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
A program using swift-nio-http2 is vulnerable to a denial of service attack, caused by a network peer sending a specially crafted HTTP/2 frame. This attack affects all swift-nio-http2 versions from 1.0.0 to 1.19.1. This vulnerability is caused by a logical error when parsing a HTTP/2 HEADERS frame where the frame contains priority information without any other data. This logical error caused confusion about the size of the frame, leading to a parsing error. This parsing error immediately crashes the entire process. Sending a HEADERS frame with HTTP/2 priority information does not require any special permission, so any HTTP/2 connection peer may send such a frame. For clients, this means any server to which they connect may launch this attack. For servers, anyone they allow to connect to them may launch such an attack. The attack is low-effort: it takes very little resources to send an appropriately crafted frame. The impact on availability is high: receiving the frame immediately crashes the server, dropping all in-flight connections and causing the service to need to restart. It is straightforward for an attacker to repeatedly send appropriately crafted frames, so attackers require very few resources to achieve a substantial denial of service. The attack does not have any confidentiality or integrity risks in and of itself: swift-nio-http2 is parsing the frame in memory-safe code, so the crash is safe. However, sudden process crashes can lead to violations of invariants in services, so it is possible that this attack can be used to trigger an error condition that has confidentiality or integrity risks. The risk can be mitigated if untrusted peers can be prevented from communicating with the service. This mitigation is not available to many services. The issue is fixed by rewriting the parsing code to correctly handle the condition. The issue was found by automated fuzzing by oss-fuzz. |
|
20 |
CVE-2022-22673 |
|
|
DoS |
2022-05-26 |
2022-06-03 |
5.0 |
None |
Remote |
Low |
Not required |
None |
None |
Partial |
|
This issue was addressed with improved checks. This issue is fixed in iOS 15.5 and iPadOS 15.5. Processing a large input may lead to a denial of service. |
|
21 |
CVE-2022-22666 |
787 |
|
Mem. Corr. |
2022-03-18 |
2022-05-12 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, watchOS 8.5. Processing a maliciously crafted image may lead to heap corruption. |
|
22 |
CVE-2022-22664 |
125 |
|
Exec Code |
2022-03-18 |
2022-03-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
|
23 |
CVE-2022-22657 |
665 |
|
Exec Code |
2022-03-18 |
2022-03-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A memory initialization issue was addressed with improved memory handling. This issue is fixed in Logic Pro 10.7.3, GarageBand 10.4.6, macOS Monterey 12.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
|
24 |
CVE-2022-22653 |
20 |
|
|
2022-03-18 |
2022-03-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
A logic issue was addressed with improved restrictions. This issue is fixed in iOS 15.4 and iPadOS 15.4. A malicious website may be able to access information about the user and their devices. |
|
25 |
CVE-2022-22643 |
|
|
|
2022-03-18 |
2022-03-24 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
This issue was addressed with improved checks. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. A user may send audio and video in a FaceTime call without knowing that they have done so. |
|
26 |
CVE-2022-22639 |
269 |
|
+Priv |
2022-03-18 |
2022-03-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A logic issue was addressed with improved state management. This issue is fixed in iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3. An application may be able to gain elevated privileges. |
|
27 |
CVE-2022-22627 |
787 |
|
|
2022-03-18 |
2022-03-26 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
|
28 |
CVE-2022-22626 |
125 |
|
|
2022-03-18 |
2022-03-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
|
29 |
CVE-2022-22625 |
125 |
|
|
2022-03-18 |
2022-03-28 |
5.8 |
None |
Remote |
Medium |
Not required |
Partial |
None |
Partial |
|
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. |
|
30 |
CVE-2022-22620 |
416 |
|
Exec Code |
2022-03-18 |
2022-03-26 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Monterey 12.2.1, iOS 15.3.1 and iPadOS 15.3.1, Safari 15.3 (v. 16612.4.9.1.8 and 15612.4.9.1.8). Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. |
|
31 |
CVE-2022-22612 |
119 |
|
Overflow Mem. Corr. |
2022-03-18 |
2022-03-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A memory consumption issue was addressed with improved memory handling. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to heap corruption. |
|
32 |
CVE-2022-22611 |
125 |
|
Exec Code |
2022-03-18 |
2022-03-24 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An out-of-bounds read was addressed with improved input validation. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, iTunes 12.12.3 for Windows, watchOS 8.5, macOS Monterey 12.3. Processing a maliciously crafted image may lead to arbitrary code execution. |
|
33 |
CVE-2022-22609 |
|
|
|
2022-03-18 |
2022-03-24 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
The issue was addressed with additional permissions checks. This issue is fixed in tvOS 15.4, iOS 15.4 and iPadOS 15.4, macOS Monterey 12.3, watchOS 8.5. A malicious application may be able to read other applications' settings. |
|
34 |
CVE-2022-22608 |
125 |
|
Exec Code |
2022-03-18 |
2022-03-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
|
35 |
CVE-2022-22607 |
125 |
|
Exec Code |
2022-03-18 |
2022-03-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
|
36 |
CVE-2022-22606 |
125 |
|
Exec Code |
2022-03-18 |
2022-03-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
|
37 |
CVE-2022-22605 |
125 |
|
Exec Code |
2022-03-18 |
2022-03-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
|
38 |
CVE-2022-22604 |
125 |
|
Exec Code |
2022-03-18 |
2022-03-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
|
39 |
CVE-2022-22603 |
125 |
|
Exec Code |
2022-03-18 |
2022-03-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
|
40 |
CVE-2022-22602 |
125 |
|
Exec Code |
2022-03-18 |
2022-03-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
|
41 |
CVE-2022-22601 |
125 |
|
Exec Code |
2022-03-18 |
2022-03-23 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in Xcode 13.3. Opening a maliciously crafted file may lead to unexpected application termination or arbitrary code execution. |
|
42 |
CVE-2022-22597 |
787 |
|
Exec Code Mem. Corr. |
2022-03-18 |
2022-03-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A memory corruption issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.6.5, macOS Monterey 12.3, Security Update 2022-003 Catalina. Processing a maliciously crafted file may lead to arbitrary code execution. |
|
43 |
CVE-2022-22590 |
416 |
|
Exec Code |
2022-03-18 |
2022-03-25 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, Safari 15.3, macOS Monterey 12.2. Processing maliciously crafted web content may lead to arbitrary code execution. |
|
44 |
CVE-2022-22585 |
59 |
|
|
2022-03-18 |
2022-03-28 |
5.0 |
None |
Remote |
Low |
Not required |
Partial |
None |
None |
|
An issue existed within the path validation logic for symlinks. This issue was addressed with improved path sanitization. This issue is fixed in iOS 15.3 and iPadOS 15.3, watchOS 8.4, tvOS 15.3, macOS Monterey 12.2, macOS Big Sur 11.6.3. An application may be able to access a user's files. |
|
45 |
CVE-2022-22584 |
787 |
|
Exec Code Mem. Corr. |
2022-03-18 |
2022-03-28 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A memory corruption issue was addressed with improved validation. This issue is fixed in tvOS 15.3, iOS 15.3 and iPadOS 15.3, watchOS 8.4, macOS Monterey 12.2. Processing a maliciously crafted file may lead to arbitrary code execution. |
|
46 |
CVE-2022-0128 |
125 |
|
|
2022-01-06 |
2022-05-17 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
vim is vulnerable to Out-of-bounds Read |
|
47 |
CVE-2021-31010 |
502 |
|
|
2021-08-24 |
2022-05-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release.. |
|
48 |
CVE-2021-31008 |
843 |
|
Exec Code |
2021-08-24 |
2022-05-31 |
6.8 |
None |
Remote |
Medium |
Not required |
Partial |
Partial |
Partial |
|
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 15.1, tvOS 15.1, iOS 15 and iPadOS 15, macOS Monterey 12.0.1, watchOS 8.1. Processing maliciously crafted web content may lead to code execution. |
|
49 |
CVE-2021-31005 |
|
|
|
2021-08-24 |
2022-05-31 |
5.0 |
None |
Remote |
Low |
Not required |
None |
Partial |
None |
|
Description: A logic issue was addressed with improved state management. This issue is fixed in iOS 15 and iPadOS 15, macOS Monterey 12.0.1. Turning off "Block all remote content" may not apply to all remote content types. |
|
50 |
CVE-2021-31004 |
362 |
|
+Priv |
2021-08-24 |
2022-05-31 |
5.1 |
None |
Remote |
High |
Not required |
Partial |
Partial |
Partial |
|
A race condition was addressed with improved locking. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.5. An application may be able to gain elevated privileges. |
