First published: Tue Jan 26 2021(Updated: )
A stack overflow was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Processing a maliciously crafted text file may lead to arbitrary code execution.
Credit: Mickey Jin Trend Micro working with Trend MicroMickey Jin @patch1t Trend Micro working with Trend MicroMickey Jin Trend Micro working with Trend MicroMickey Jin @patch1t Trend Micro working with Trend Micro product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iPadOS | <14.4 | |
Apple iPhone OS | <14.4 | |
Apple Mac OS X | >=10.14<10.14.6 | |
Apple Mac OS X | >=10.15<10.15.7 | |
Apple Mac OS X | =10.14.6 | |
Apple Mac OS X | =10.14.6-security_update_2019-004 | |
Apple Mac OS X | =10.14.6-security_update_2019-005 | |
Apple Mac OS X | =10.14.6-security_update_2019-006 | |
Apple Mac OS X | =10.14.6-security_update_2019-007 | |
Apple Mac OS X | =10.14.6-security_update_2020-001 | |
Apple Mac OS X | =10.14.6-security_update_2020-002 | |
Apple Mac OS X | =10.14.6-security_update_2020-003 | |
Apple Mac OS X | =10.14.6-security_update_2020-004 | |
Apple Mac OS X | =10.14.6-security_update_2020-005 | |
Apple Mac OS X | =10.14.6-security_update_2020-006 | |
Apple Mac OS X | =10.14.6-security_update_2020-007 | |
Apple Mac OS X | =10.14.6-supplemental_update | |
Apple Mac OS X | =10.14.6-supplemental_update_2 | |
Apple Mac OS X | =10.15.7 | |
Apple Mac OS X | =10.15.7-supplemental_update | |
Apple macOS | >=11.0<11.2 | |
Apple tvOS | <14.4 | |
Apple watchOS | <7.3 | |
Apple tvOS | <14.4 | 14.4 |
Apple watchOS | <7.3 | 7.3 |
Apple iOS | <14.4 | 14.4 |
Apple iPadOS | <14.4 | 14.4 |
Apple macOS Big Sur | <11.2 | 11.2 |
Apple Catalina | ||
Apple Mojave | ||
Apple macOS |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The vulnerability ID for this issue is CVE-2021-1772.
The title of this vulnerability is CoreText. A stack overflow was addressed with improved input validation.
macOS Big Sur 11.2, Apple Catalina, Apple Mojave, Apple watchOS up to 7.3, Apple iOS up to 14.4, Apple iPadOS up to 14.4, Apple tvOS up to 14.4 are affected by this vulnerability.
The severity of this vulnerability is not mentioned in the provided information.
This vulnerability can be fixed by updating the affected software to the recommended versions mentioned in the remediation links provided by Apple.