CVE-2021-1772: Apple macOS CoreText TTF Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability
First published: Tue Jan 26 2021(Updated: )
A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution.
Credit: Mickey Jin Trend Micro working with Trend MicroMickey Jin @patch1t Trend Micro working with Trend MicroMickey Jin Trend Micro working with Trend MicroMickey Jin @patch1t Trend Micro working with Trend Micro product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iPadOS | <14.4 | |
| Apple iPhone OS | <14.4 | |
| Apple Mac OS X | >=10.14<10.14.6 | |
| Apple Mac OS X | >=10.15<10.15.7 | |
| Apple Mac OS X | =10.14.6 | |
| Apple Mac OS X | =10.14.6-security_update_2019-004 | |
| Apple Mac OS X | =10.14.6-security_update_2019-005 | |
| Apple Mac OS X | =10.14.6-security_update_2019-006 | |
| Apple Mac OS X | =10.14.6-security_update_2019-007 | |
| Apple Mac OS X | =10.14.6-security_update_2020-001 | |
| Apple Mac OS X | =10.14.6-security_update_2020-002 | |
| Apple Mac OS X | =10.14.6-security_update_2020-003 | |
| Apple Mac OS X | =10.14.6-security_update_2020-004 | |
| Apple Mac OS X | =10.14.6-security_update_2020-005 | |
| Apple Mac OS X | =10.14.6-security_update_2020-006 | |
| Apple Mac OS X | =10.14.6-security_update_2020-007 | |
| Apple Mac OS X | =10.14.6-supplemental_update | |
| Apple Mac OS X | =10.14.6-supplemental_update_2 | |
| Apple Mac OS X | =10.15.7 | |
| Apple Mac OS X | =10.15.7-supplemental_update | |
| Apple macOS | >=11.0<11.2 | |
| Apple tvOS | <14.4 | |
| Apple watchOS | <7.3 | |
| Apple tvOS | <14.4 | 14.4 |
| Apple watchOS | <7.3 | 7.3 |
| Apple iOS | <14.4 | 14.4 |
| Apple iPadOS | <14.4 | 14.4 |
| Apple macOS Big Sur | <11.2 | 11.2 |
| Apple Catalina | ||
| Apple Mojave | ||
| Apple macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-1761
- CVE-2021-1797
- CVE-2021-1794
- CVE-2021-1795
- CVE-2021-1796
- CVE-2021-1780
- CVE-2021-1760
- CVE-2021-1747
- CVE-2021-1776
- CVE-2021-1759
- CVE-2021-1772
- CVE-2021-1792
- CVE-2021-1786
- CVE-2021-1787
- CVE-2021-1791
- CVE-2021-1758
- CVE-2021-1773
- CVE-2021-1766
- CVE-2021-1785
- CVE-2021-1737
- CVE-2021-1738
- CVE-2021-1744
- CVE-2021-1818
- CVE-2021-1838
- CVE-2021-1742
- CVE-2021-1746
- CVE-2021-1754
- CVE-2021-1774
- CVE-2021-1793
- CVE-2021-1741
- CVE-2021-1743
- CVE-2021-1778
- CVE-2021-1783
- CVE-2021-1757
- CVE-2021-1748
- CVE-2021-1764
- CVE-2021-1750
- CVE-2021-1782
- CVE-2021-1781
- CVE-2021-1763
- CVE-2021-1768
- CVE-2021-1745
- CVE-2021-1762
- CVE-2021-1767
- CVE-2021-1753
- CVE-2021-1756
- CVE-2021-1769
- CVE-2021-1788
- CVE-2021-1789
- CVE-2021-1801
- CVE-2021-1871
- CVE-2021-1870
- CVE-2021-1799
- CVE-2021-30869
- CVE-2021-1777
- CVE-2020-27945
- CVE-2020-27937
- CVE-2021-1802
- CVE-2021-1790
- CVE-2021-1775
- CVE-2020-29608
- CVE-2021-1736
- CVE-2021-1779
- CVE-2020-27904
- CVE-2020-29633
- CVE-2021-1771
- CVE-2020-29614
- CVE-2021-1751
- CVE-2020-25709
- CVE-2020-27938
- CVE-2019-20838
- CVE-2020-14155
- CVE-2020-15358
- CVE-2021-1765
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-1772.
What is the title of this vulnerability?
The title of this vulnerability is CoreText. A stack overflow was addressed with improved input validation.
What software versions are affected by this vulnerability?
macOS Big Sur 11.2, Apple Catalina, Apple Mojave, Apple watchOS up to 7.3, Apple iOS up to 14.4, Apple iPadOS up to 14.4, Apple tvOS up to 14.4 are affected by this vulnerability.
What is the severity of this vulnerability?
The severity of this vulnerability is not mentioned in the provided information.
How can this vulnerability be fixed?
This vulnerability can be fixed by updating the affected software to the recommended versions mentioned in the remediation links provided by Apple.
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/zdi-advisory
- alias/ZDI-21-758
- alias/ZDI-CAN-13172
- alias/CVE-2021-1772
- vendor/apple
- canonical/apple ios
- canonical/apple ipados
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple macos big sur
- canonical/apple catalina
- canonical/apple mojave
- canonical/apple iphone os
- canonical/apple mac os x
- version/apple mac os x/10.14
- version/apple mac os x/10.15
- version/apple mac os x/10.14.6
- version/apple mac os x/10.14.6-security_update_2019-004
- version/apple mac os x/10.14.6-security_update_2019-005
- version/apple mac os x/10.14.6-security_update_2019-006
- version/apple mac os x/10.14.6-security_update_2019-007
- version/apple mac os x/10.14.6-security_update_2020-001
- version/apple mac os x/10.14.6-security_update_2020-002
- version/apple mac os x/10.14.6-security_update_2020-003
- version/apple mac os x/10.14.6-security_update_2020-004
- version/apple mac os x/10.14.6-security_update_2020-005
- version/apple mac os x/10.14.6-security_update_2020-006
- version/apple mac os x/10.14.6-security_update_2020-007
- version/apple mac os x/10.14.6-supplemental_update
- version/apple mac os x/10.14.6-supplemental_update_2
- version/apple mac os x/10.15.7
- version/apple mac os x/10.15.7-supplemental_update
- canonical/apple macos
- version/apple macos/11.0