CVE-2021-30905: Apple macOS AudioCodecs LOAS File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
First published: Tue Aug 24 2021(Updated: )
CoreAudio. An out-of-bounds read was addressed with improved bounds checking.
Credit: Mickey Jin @patch1t Trend MicroMickey Jin @patch1t Trend MicroMickey Jin @patch1t Trend MicroMickey Jin @patch1t Trend MicroMickey Jin @patch1t Trend MicroMickey Jin @patch1t Trend MicroMickey Jin @patch1t Trend Micro cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iPadOS | <14.8 | |
| Apple iPadOS | =15.0 | |
| Apple iPhone OS | <14.8 | |
| Apple iPhone OS | =15.0 | |
| Apple Mac OS X | >=10.15<10.15.7 | |
| Apple Mac OS X | =10.15.7 | |
| Apple Mac OS X | =10.15.7-security_update_2020-001 | |
| Apple Mac OS X | =10.15.7-security_update_2021-001 | |
| Apple Mac OS X | =10.15.7-security_update_2021-002 | |
| Apple Mac OS X | =10.15.7-security_update_2021-003 | |
| Apple Mac OS X | =10.15.7-security_update_2021-004 | |
| Apple Mac OS X | =10.15.7-security_update_2021-005 | |
| Apple Mac OS X | =10.15.7-security_update_2021-006 | |
| Apple Mac OS X | =10.15.7-supplemental_update | |
| Apple macOS | <11.6.1 | |
| Apple macOS | =12.0.0 | |
| Apple tvOS | <15.1 | |
| Apple watchOS | <8.1 | |
| Apple iOS | <15.1 | 15.1 |
| Apple iPadOS | <15.1 | 15.1 |
| Apple iOS | <14.8 | 14.8 |
| Apple iPadOS | <14.8 | 14.8 |
| Apple macOS Monterey | <12.0.1 | 12.0.1 |
| Apple Catalina | ||
| Apple macOS Big Sur | <11.6.1 | 11.6.1 |
| Apple watchOS | <8.1 | 8.1 |
| Apple tvOS | <15.1 | 15.1 |
| Apple macOS |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT212807 (Advisory)
- https://support.apple.com/en-us/HT212867 (Advisory)
- https://support.apple.com/en-us/HT212869 (Advisory)
- https://support.apple.com/en-us/HT212871 (Advisory)
- https://support.apple.com/en-us/HT212872 (Advisory)
- https://support.apple.com/en-us/HT212874 (Advisory)
- https://support.apple.com/en-us/HT212876 (Advisory)
- https://support.apple.com/kb/HT212807
- https://support.apple.com/kb/HT212872
- https://www.zerodayinitiative.com/advisories/ZDI-21-1368/
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-30873
- CVE-2021-30876
- CVE-2021-30879
- CVE-2021-30877
- CVE-2021-30880
- CVE-2021-30994
- CVE-2021-30907
- CVE-2021-30899
- CVE-2021-30931
- CVE-2021-30866
- CVE-2021-30917
- CVE-2021-30903
- CVE-2021-30905
- CVE-2021-30919
- CVE-2020-9846
- CVE-2021-30881
- CVE-2021-30923
- CVE-2021-30831
- CVE-2021-30840
- CVE-2021-30852
- CVE-2021-30895
- CVE-2021-30896
- CVE-2021-30933
- CVE-2021-30906
- CVE-2021-30867
- CVE-2021-30814
- CVE-2021-30922
- CVE-2021-30824
- CVE-2021-30901
- CVE-2021-30821
- CVE-2021-30883
- CVE-2021-30924
- CVE-2021-30886
- CVE-2021-30909
- CVE-2021-30916
- CVE-2021-30864
- CVE-2021-30813
- CVE-2021-31011
- CVE-2021-30904
- CVE-2021-30910
- CVE-2021-30911
- CVE-2021-30874
- CVE-2021-30808
- CVE-2021-30920
- CVE-2021-31004
- CVE-2021-31002
- CVE-2021-30868
- CVE-2021-30912
- CVE-2021-30913
- CVE-2021-30915
- CVE-2021-31005
- CVE-2021-31008
- CVE-2021-30897
- CVE-2021-30884
- CVE-2021-30818
- CVE-2021-30836
- CVE-2021-30846
- CVE-2021-30849
- CVE-2021-30848
- CVE-2021-30851
- CVE-2021-30809
- CVE-2021-30823
- CVE-2021-30887
- CVE-2021-30888
- CVE-2021-30889
- CVE-2021-30861
- CVE-2021-30890
- CVE-2021-30930
- CVE-2021-30908
- CVE-2021-30833
- CVE-2021-30892
- CVE-2021-30926
- CVE-2021-30834
- CVE-2021-30844
- CVE-2021-30900
- CVE-2021-31007
- CVE-2021-30894
- CVE-2021-30838
- CVE-2021-30820
- CVE-2021-30928
- CVE-2021-30860
- CVE-2021-31010
- CVE-2021-30841
- CVE-2021-30843
- CVE-2021-30842
- CVE-2021-30847
- CVE-2021-30857
- CVE-2021-30859
- CVE-2013-0340
- CVE-2021-30855
- CVE-2021-30826
- CVE-2021-30858
- CVE-2021-30914
- CVE-2021-30875
- CVE-2021-30902
Frequently Asked Questions
What is the vulnerability CVE-2021-30905?
CVE-2021-30905 is a vulnerability in CoreAudio that allows an out-of-bounds read.
What software is affected by CVE-2021-30905?
The vulnerability affects Apple Catalina, macOS Big Sur (up to version 11.6.1), macOS Monterey (up to version 12.0.1), iOS (up to version 15.1), iPadOS (up to version 15.1), watchOS (up to version 8.1), and tvOS (up to version 15.1).
How can I fix CVE-2021-30905?
To fix CVE-2021-30905, update your Apple device to the latest available version, including macOS Catalina 10.15.7, macOS Big Sur 11.6.1, macOS Monterey 12.0.1, iOS 15.1, iPadOS 15.1, watchOS 8.1, and tvOS 15.1.
Where can I find more information about CVE-2021-30905?
You can find more information about CVE-2021-30905 on the Apple support page: https://support.apple.com/en-us/HT212867
Are there any related references for CVE-2021-30905?
Yes, you can find related references for CVE-2021-30905 on the following Apple support pages: https://support.apple.com/en-us/HT212867, https://support.apple.com/en-us/HT212871, https://support.apple.com/en-us/HT212874
- collector/apple-support
- agent/type
- agent/softwarecombine
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/references
- agent/weakness
- agent/title
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/tags
- agent/first-publish-date
- agent/event
- collector/zdi-advisory
- source/ZDI
- alias/ZDI-21-1368
- alias/ZDI-CAN-14605
- alias/CVE-2021-30905
- agent/software-canonical-lookup
- vendor/apple
- canonical/apple macos monterey
- canonical/apple catalina
- canonical/apple macos big sur
- canonical/apple watchos
- canonical/apple ipados
- version/apple ipados/15.0
- canonical/apple iphone os
- version/apple iphone os/15.0
- canonical/apple mac os x
- version/apple mac os x/10.15
- version/apple mac os x/10.15.7
- version/apple mac os x/10.15.7-security_update_2020-001
- version/apple mac os x/10.15.7-security_update_2021-001
- version/apple mac os x/10.15.7-security_update_2021-002
- version/apple mac os x/10.15.7-security_update_2021-003
- version/apple mac os x/10.15.7-security_update_2021-004
- version/apple mac os x/10.15.7-security_update_2021-005
- version/apple mac os x/10.15.7-security_update_2021-006
- version/apple mac os x/10.15.7-supplemental_update
- canonical/apple macos
- version/apple macos/12.0.0
- canonical/apple tvos
- canonical/apple ios