Vulnerabilities > CVE-2021-31010 - Deserialization of Untrusted Data vulnerability in Apple products
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
NONE Integrity impact
HIGH Availability impact
NONE Summary
A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release..
Vulnerable Configurations
Common Weakness Enumeration (CWE)
References
- https://support.apple.com/en-us/HT212804
- https://support.apple.com/en-us/HT212804
- https://support.apple.com/en-us/HT212805
- https://support.apple.com/en-us/HT212805
- https://support.apple.com/en-us/HT212806
- https://support.apple.com/en-us/HT212806
- https://support.apple.com/en-us/HT212807
- https://support.apple.com/en-us/HT212807
- https://support.apple.com/en-us/HT212824
- https://support.apple.com/en-us/HT212824