First published: Tue Aug 24 2021(Updated: )
A S/MIME issue existed in the handling of encrypted email. This issue was addressed with improved selection of the encryption certificate. This issue is fixed in iOS 15.2 and iPadOS 15.2. A sender's email address may be leaked when sending an S/MIME encrypted email using a certificate with more than one email address.
Credit: Benjamin Ehrfeld CISPA Helmholtz Center for Information Security cve@mitre.org cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
Apple iPadOS | <15.2 | |
Apple iPhone OS | <15.2 | |
Apple iOS | <15.2 | 15.2 |
Apple iPadOS | <15.2 | 15.2 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
The vulnerability ID is CVE-2021-30998.
The severity level of CVE-2021-30998 is medium.
The affected software of CVE-2021-30998 are Apple iOS and iPadOS versions up to and exclusive of 15.2.
CVE-2021-30998 was fixed with improved selection of the encryption certificate in iOS 15.2 and iPadOS 15.2.
You can find more information about CVE-2021-30998 on the Apple support website: https://support.apple.com/en-us/HT212976