CVE-2021-1867: Input Validation
First published: Mon Apr 26 2021(Updated: )
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, macOS Big Sur 11.3. A malicious application may be able to execute arbitrary code with kernel privileges.
Credit: product-security@apple.com Zuozhi Fan @pattern_F_ Wish Wu(吴潍浠) Ant Group Tianqiong Security LabWish Wu (吴潍浠) Ant Group Tianqiong Security Lab
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS | <11.3 | 11.3 |
| Apple iOS, iPadOS, and watchOS | <14.5 | |
| iOS | <14.5 | |
| Apple iOS and macOS | >=11.0<11.3 | |
| Apple iOS, iPadOS, and watchOS | <14.5 | 14.5 |
| Apple iOS, iPadOS, and watchOS | <14.5 | 14.5 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT212317 (Advisory)
- https://support.apple.com/en-us/HT212325 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-1853
- CVE-2021-1849
- CVE-2021-1867
- CVE-2021-1810
- CVE-2021-1808
- CVE-2021-1857
- CVE-2021-30752
- CVE-2021-30664
- CVE-2021-1846
- CVE-2021-1809
- CVE-2021-30659
- CVE-2021-1847
- CVE-2021-1811
- CVE-2020-8284
- CVE-2020-8286
- CVE-2020-8285
- CVE-2021-1784
- CVE-2021-1872
- CVE-2021-1881
- CVE-2021-1882
- CVE-2021-1813
- CVE-2021-1883
- CVE-2021-1884
- CVE-2021-1880
- CVE-2021-30653
- CVE-2021-1814
- CVE-2021-1843
- CVE-2021-1885
- CVE-2021-1858
- CVE-2021-30743
- CVE-2021-30658
- CVE-2021-1841
- CVE-2021-1834
- CVE-2021-1860
- CVE-2021-1840
- CVE-2021-1851
- CVE-2021-1832
- CVE-2021-30660
- CVE-2021-30652
- CVE-2021-1875
- CVE-2021-1824
- CVE-2021-1859
- CVE-2021-1876
- CVE-2021-1815
- CVE-2021-1739
- CVE-2021-1740
- CVE-2021-1861
- CVE-2021-1855
- CVE-2021-1868
- CVE-2021-30750
- CVE-2021-1878
- CVE-2021-30657
- CVE-2021-30856
- CVE-2020-8037
- CVE-2021-1839
- CVE-2021-1825
- CVE-2021-1817
- CVE-2021-1826
- CVE-2021-1820
- CVE-2021-30661
- CVE-2020-7463
- CVE-2021-1828
- CVE-2021-1829
- CVE-2021-30655
- CVE-2021-1770
- CVE-2021-1873
- CVE-2021-1835
- CVE-2021-1837
- CVE-2021-1836
- CVE-2021-30742
- CVE-2021-1812
- CVE-2021-30656
- CVE-2021-30764
- CVE-2021-30662
- CVE-2021-1864
- CVE-2021-1877
- CVE-2021-1852
- CVE-2021-1830
- CVE-2021-1874
- CVE-2021-1816
- CVE-2021-1833
- CVE-2021-1822
- CVE-2021-1865
- CVE-2021-1863
- CVE-2021-1807
- CVE-2021-1831
- CVE-2021-1862
- CVE-2021-1854
- CVE-2021-30921
- CVE-2021-1848
Frequently Asked Questions
What is CVE-2021-1867?
CVE-2021-1867 is a vulnerability related to the Apple Neural Engine, where an out-of-bounds read was addressed with improved input validation.
How does CVE-2021-1867 affect Apple iOS?
CVE-2021-1867 affects Apple iOS versions up to but excluding 14.5.
How does CVE-2021-1867 affect Apple iPadOS?
CVE-2021-1867 affects Apple iPadOS versions up to but excluding 14.5.
How does CVE-2021-1867 affect Apple macOS Big Sur?
CVE-2021-1867 affects Apple macOS Big Sur versions up to but excluding 11.3.
What is the remedy for CVE-2021-1867?
The remedy for CVE-2021-1867 is upgrading to Apple iOS 14.5, Apple iPadOS 14.5, or Apple macOS Big Sur 11.3.
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-1867?
The CWE ID for CVE-2021-1867 is CWE-20.
- agent/first-publish-date
- agent/type
- agent/severity
- agent/references
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/trending
- agent/source
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/apple
- canonical/apple macos
- canonical/apple ios, ipados, and watchos
- canonical/ios
- canonical/apple ios and macos
- version/apple ios and macos/11.0