Apple macOS Big Sur 资源管理错误漏洞

admin

0
文章

0
评论

2023-11-30 20:18:07 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 Apple macOS Big Sur 资源管理错误漏洞

CVE编号

CVE-2021-30858

利用情况

POC 已公开

补丁情况

官方补丁

披露时间

2021-08-25

漏洞描述

Apple macOS Big Sur是美国苹果（Apple）公司的一个手机应用APP。 Apple macOS Big Sur存在内存错误引用漏洞。远程攻击者可利用该漏洞诱骗受害用户访问特制网页并在系统上执行任意代码。受影响系统： Apple iOS < 14.8 Apple iPadOS < 14.8 Apple macOS Big Sur < 11.6

解决建议

目前厂商已发布升级补丁以修复漏洞，补丁获取链接：https://support.apple.com/en-us/HT212807

参考链接
http://seclists.org/fulldisclosure/2021/Sep/25
http://seclists.org/fulldisclosure/2021/Sep/27
http://seclists.org/fulldisclosure/2021/Sep/29
http://seclists.org/fulldisclosure/2021/Sep/38
http://seclists.org/fulldisclosure/2021/Sep/39
http://seclists.org/fulldisclosure/2021/Sep/50
http://www.openwall.com/lists/oss-security/2021/09/20/1
http://www.openwall.com/lists/oss-security/2021/10/26/9
http://www.openwall.com/lists/oss-security/2021/10/27/1
http://www.openwall.com/lists/oss-security/2021/10/27/2
http://www.openwall.com/lists/oss-security/2021/10/27/4
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/[email protected]...
https://lists.fedoraproject.org/archives/list/[email protected]...
https://support.apple.com/en-us/HT212804
https://support.apple.com/en-us/HT212807
https://support.apple.com/kb/HT212824
https://www.debian.org/security/2021/dsa-4975
https://www.debian.org/security/2021/dsa-4976

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	系统	alibaba_cloud_linux_2.1903	webkitgtk4-debuginfo	*		Up to (excluding) 2.28.2-3.1.al7
	运行在以下环境
	系统	alpine_3.15	webkit2gtk	*		Up to (excluding) 2.32.4-r0
	运行在以下环境
	系统	alpine_3.16	webkit2gtk	*		Up to (excluding) 2.32.4-r0
	运行在以下环境
	系统	alpine_3.17	webkit2gtk	*		Up to (excluding) 2.32.4-r0
	运行在以下环境
	系统	alpine_3.18	webkit2gtk	*		Up to (excluding) 2.32.4-r0
	运行在以下环境
	系统	alpine_edge	webkit2gtk	*		Up to (excluding) 2.32.4-r0
	运行在以下环境
	系统	amazon_2	webkitgtk4	*		Up to (excluding) 2.28.2-3.amzn2.0.1
	运行在以下环境
	系统	amazon_2022	webkit2gtk3	*		Up to (excluding) 2.34.2-1.amzn2022
	运行在以下环境
	系统	anolis_os_7	webkitgtk4	*		Up to (excluding) 2.28.2-3
	运行在以下环境
	系统	anolis_os_8	webkit2gtk3	*		Up to (excluding) 2.30.4-3
	运行在以下环境
	系统	apple	ipados	*		Up to (excluding) 14.8
	运行在以下环境
	系统	apple	iphone_os	*		Up to (excluding) 14.8
	运行在以下环境
	系统	apple	macos	*		Up to (excluding) 11.6
	运行在以下环境
	系统	centos_7	webkitgtk4	*		Up to (excluding) 2.28.2-3.el7
	运行在以下环境
	系统	centos_8	webkit2gtk3-jsc-devel	*		Up to (excluding) 2.30.4-3.el8_4
	运行在以下环境
	系统	debian_10	webkit2gtk	*		Up to (excluding) 2.32.4-1~deb10u1
	运行在以下环境
	系统	debian_11	webkit2gtk	*		Up to (excluding) 2.32.4-1~deb11u1
	运行在以下环境
	系统	debian_12	webkit2gtk	*		Up to (excluding) 2.32.4-1
	运行在以下环境
	系统	debian_9	webkit2gtk	*		Up to (including) 2.18.6-1~deb9u1
	运行在以下环境
	系统	debian_sid	webkit2gtk	*		Up to (excluding) 2.32.4-1
	运行在以下环境
	系统	fedora_33	webkit2gtk3-jsc	*		Up to (excluding) 2.32.4-1.fc33
	运行在以下环境
	系统	fedora_34	webkit2gtk3-jsc	*		Up to (excluding) 2.32.4-1.fc34
	运行在以下环境
	系统	opensuse_Leap_15.2	webkit2gtk	*		Up to (excluding) 37-2.32.4-lp152.2.19.1
	运行在以下环境
	系统	opensuse_Leap_15.3	webkit2gtk	*		Up to (excluding) 2.32.4-12.3
	运行在以下环境
	系统	opensuse_Leap_15.4	libwebkit2gtk3-lang	*		Up to (excluding) 2.34.3-23.3
	运行在以下环境
	系统	oracle_7	oraclelinux-release	*		Up to (excluding) 2.28.2-3.el7
	运行在以下环境
	系统	oracle_8	oraclelinux-release	*		Up to (excluding) 2.30.4-3.el8_4
	运行在以下环境
	系统	redhat_7	webkitgtk4	*		Up to (excluding) 2.28.2-3.el7
	运行在以下环境
	系统	redhat_8	webkit2gtk3-jsc-devel	*		Up to (excluding) 2.30.4-3.el8_4
	运行在以下环境
	系统	suse_12_SP5	webkit2gtk	*		Up to (excluding) 37-2.32.4-2.71.2
	运行在以下环境
	系统	ubuntu_18.04	webkit2gtk	*		Up to (excluding) 2.32.4-0ubuntu0.18.04.1
	运行在以下环境
系统	ubuntu_18.04.5_lts	webkit2gtk	*		Up to (excluding) 2.32.4-0ubuntu0.18.04.1
运行在以下环境
系统	ubuntu_20.04	webkit2gtk	*		Up to (excluding) 2.32.4-0ubuntu0.20.04.1
运行在以下环境
系统	ubuntu_21.04	webkit2gtk	*		Up to (excluding) 2.32.4-0ubuntu0.21.04.1