{ "id": "CVE-2021-1806", "sourceIdentifier": "product-security@apple.com", "published": "2021-04-02T19:15:20.227", "lastModified": "2021-05-04T19:35:30.203", "vulnStatus": "Analyzed", "descriptions": [ { "lang": "en", "value": "A race condition was addressed with additional validation. This issue is fixed in macOS Big Sur 11.2.1, macOS Catalina 10.15.7 Supplemental Update, macOS Mojave 10.14.6 Security Update 2021-002. An application may be able to execute arbitrary code with kernel privileges." }, { "lang": "es", "value": "Se abord\u00f3 una condici\u00f3n de carrera con una comprobaci\u00f3n adicional. Este problema es corregido en macOS Big Sur versi\u00f3n 11.2.1, Supplemental Update de macOS Catalina versi\u00f3n 10.15.7, Security Update de macOS Mojave versi\u00f3n 10.14.6 2021-002. Una aplicaci\u00f3n puede ser capaz de ejecutar c\u00f3digo arbitrario con privilegios de kernel." } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "attackVector": "LOCAL", "attackComplexity": "HIGH", "privilegesRequired": "NONE", "userInteraction": "REQUIRED", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH", "baseScore": 7.0, "baseSeverity": "HIGH" }, "exploitabilityScore": 1.0, "impactScore": 5.9 } ], "cvssMetricV2": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "2.0", "vectorString": "AV:N/AC:H/Au:N/C:C/I:C/A:C", "accessVector": "NETWORK", "accessComplexity": "HIGH", "authentication": "NONE", "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "availabilityImpact": "COMPLETE", "baseScore": 7.6 }, "baseSeverity": "HIGH", "exploitabilityScore": 4.9, "impactScore": 10.0, "acInsufInfo": false, "obtainAllPrivilege": false, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-362" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.14", "versionEndExcluding": "10.14.6", "matchCriteriaId": "6DE2B03F-94EE-4E32-B366-FE31A7031403" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*", "versionStartIncluding": "10.15", "versionEndExcluding": "10.15.7", "matchCriteriaId": "DB8A73F8-3074-4B32-B9F6-343B6B1988C5" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*", "matchCriteriaId": "693E7DAE-BBF0-4D48-9F8A-20DDBD4AAC0C" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-001:*:*:*:*:*:*", "matchCriteriaId": "CFE26ECC-A2C2-4501-9950-510DE0E1BD86" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-002:*:*:*:*:*:*", "matchCriteriaId": "26108BEF-0847-4AB0-BD98-35344DFA7835" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "0FD3467D-7679-479F-9C0B-A93F7CD0929D" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*", "matchCriteriaId": "D4C6098E-EDBD-4A85-8282-B2E9D9333872" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*", "matchCriteriaId": "518BB47B-DD76-4E8C-9F10-7EBC1E146191" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*", "matchCriteriaId": "63940A55-D851-46EB-9668-D82BEFC1FE95" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*", "matchCriteriaId": "68C7A97A-3801-44FA-96CA-10298FA39883" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*", "matchCriteriaId": "6D69914D-46C7-4A0E-A075-C863C1692D33" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*", "matchCriteriaId": "9CDB4476-B521-43E4-A129-8718A8E0A8CD" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-001:*:*:*:*:*:*", "matchCriteriaId": "9D072B77-BE3F-4A2E-B66A-E2C8DC3781E4" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2021-002:*:*:*:*:*:*", "matchCriteriaId": "A4A6BF78-B772-435C-AC1A-2199027CCF9E" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*", "matchCriteriaId": "A654B8A2-FC30-4171-B0BB-366CD7ED4B6A" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*", "matchCriteriaId": "F1F4BF7F-90D4-4668-B4E6-B06F4070F448" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*", "matchCriteriaId": "C1C795B9-E58D-467C-83A8-2D45C792292F" }, { "vulnerable": true, "criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "versionStartIncluding": "11.0", "versionEndExcluding": "11.2.1", "matchCriteriaId": "52B62D32-7B84-48DB-8E87-FB5C61958CC0" } ] } ] } ], "references": [ { "url": "http://seclists.org/fulldisclosure/2021/Apr/54", "source": "product-security@apple.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://support.apple.com/en-us/HT212177", "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ] }, { "url": "https://support.apple.com/kb/HT212327", "source": "product-security@apple.com", "tags": [ "Vendor Advisory" ] } ] }