Apple iOS/iPadOS CoreAudio out-of-bounds read


A vulnerability was found in Apple iOS and iPadOS (Smartphone Operating System); the affected version is unknown. It has been declared as critical. This vulnerability affects an unknown code block of the component CoreAudio. Upgrading eliminates this vulnerability. A possible mitigation was published immediately after the disclosure of the vulnerability.

Timeline

Analyzing the timeline helps to identify the required approach and handling of single vulnerabilities and vulnerability collections. This overview makes it possible to see less important slices and more severe hotspots at a glance, so that immediate vulnerability response can be initiated and issues prioritized.

[Charts: User, Field, Commit Conf, Approve Conf]

| ID | Committed | User | Field | Change | Remarks | Moderated | Reason | C |
|---|---|---|---|---|---|---|---|---|
| 11115140 | 04/08/2021 | VulD... | price_trend | + | see documentation | 04/08/2021 | accepted | 90 |
| 11115139 | 04/08/2021 | VulD... | price_0day | $25k-$100k | see documentation | 04/08/2021 | accepted | 90 |
| 11115138 | 04/08/2021 | VulD... | cvss3_meta_tempscore | 6.0 | see documentation | 04/08/2021 | accepted | 90 |
| 11115137 | 04/08/2021 | VulD... | cvss3_meta_basescore | 6.3 | see documentation | 04/08/2021 | accepted | 90 |
| 11115136 | 04/08/2021 | VulD... | cvss3_vuldb_tempscore | 6.0 | | 04/08/2021 | accepted | 90 |
| 11115135 | 04/08/2021 | VulD... | cvss3_vuldb_basescore | 6.3 | | 04/08/2021 | accepted | 90 |
| 11115134 | 04/08/2021 | VulD... | cvss2_vuldb_tempscore | 6.5 | | 04/08/2021 | accepted | 90 |
| 11115133 | 04/08/2021 | VulD... | cvss2_vuldb_basescore | 7.5 | | 04/08/2021 | accepted | 90 |
| 11115132 | 04/08/2021 | VulD... | type | Smartphone Operating System | | 04/08/2021 | accepted | 90 |
| 11115131 | 04/08/2021 | VulD... | cve_nvd_summary | An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.0.1, tvOS 14.0, macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update 2020-007 Mojave, watchOS 7.0, iOS 14.0 and iPadOS 14.0. Processing a maliciously crafted audio file may lead to arbitrary code execution. | cve.mitre.org | 04/08/2021 | accepted | 70 |
| 11094161 | 04/03/2021 | VulD... | cve_assigned | 1583103600 | mitre.org | 04/03/2021 | accepted | 100 |
| 11094160 | 04/03/2021 | VulD... | cve | CVE-2020-9960 | mitre.org | 04/03/2021 | accepted | 100 |
| 11094159 | 04/03/2021 | VulD... | date | 1607900400 (12/14/2020) | | 04/03/2021 | accepted | 100 |
| 11094158 | 04/03/2021 | VulD... | name | Upgrade | | 04/03/2021 | accepted | 100 |
| 11094157 | 04/03/2021 | VulD... | disputed | 0 | | 04/03/2021 | accepted | 100 |
| 11094156 | 04/03/2021 | VulD... | person_name | JunDong Xie/XingWei Lin | | 04/03/2021 | accepted | 100 |
| 11094155 | 04/03/2021 | VulD... | type | Advisory | | 04/03/2021 | accepted | 100 |
| 11094154 | 04/03/2021 | VulD... | location | Website | | 04/03/2021 | accepted | 100 |
| 11094153 | 04/03/2021 | VulD... | date | 1607900400 (12/14/2020) | | 04/03/2021 | accepted | 100 |
| 11094152 | 04/03/2021 | VulD... | cvss2_vuldb_rc | C | | 04/03/2021 | accepted | 100 |
