CVE-2021-30860
CVE-2021-30860
In short
A flaw in how Apple's PDF reader handles certain numbers can cause it to crash or run malicious code. This happens when you open a specially crafted PDF file, and attackers may have already been using this to harm users.
Technical detail
An integer overflow vulnerability in Apple's PDF processing (CWE-190) allows remote code execution through a maliciously crafted PDF. The attack requires no user authentication beyond opening the file, and the issue affects iOS, macOS, and watchOS platforms. Exploitation has been observed in active attacks in the wild.
Summary generated and translated by AI from the official description.
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
public PoCs found — 2
githubgithub.com/jeffssh/CVE-2021-30860★ 100githubgithub.com/Levilutz/CVE-2021-30860★ 11⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://seclists.org/fulldisclosure/2021/Sep/25http://seclists.org/fulldisclosure/2021/Sep/26http://seclists.org/fulldisclosure/2021/Sep/27http://seclists.org/fulldisclosure/2021/Sep/28http://seclists.org/fulldisclosure/2021/Sep/38http://seclists.org/fulldisclosure/2021/Sep/39http://seclists.org/fulldisclosure/2021/Sep/40http://seclists.org/fulldisclosure/2021/Sep/50https://security.gentoo.org/glsa/202209-21https://support.apple.com/en-us/HT212804https://support.apple.com/en-us/HT212805https://support.apple.com/en-us/HT212806