CVE-2021-1867: Input Validation
Published Apr 26, 2021
·Updated
An out-of-bounds read was addressed with improved input validation. This issue is fixed in iOS 14.5 and iPadOS 14.5, macOS Big Sur 11.3. A malicious application may be able to execute arbitrary code with kernel privileges.
Credit
Zuozhi Fan@@pattern_F_, Wish Wu(吴潍浠)(Ant Group Tianqiong Security Lab), Wish Wu (吴潍浠)(Ant Group Tianqiong Security Lab)
Affected Software
6 affected componentsFixes available
Apple macOS Big Sur<11.3
11.3
Apple iOS and iPadOS<14.5
14.5
Apple iOS, iPadOS, and macOS<14.5
14.5
Apple iOS, iPadOS, and macOS<14.5
iPhone OS<14.5
macOS>=11.0<11.3
Event History
Sep 8, 2021
CVE Published
via MITRE·02:49 PM
Data Sourced
via MITRE·02:49 PM
DescriptionWeakness
Frequently Asked Questions
1
What is CVE-2021-1867?
CVE-2021-1867 is a vulnerability related to the Apple Neural Engine, where an out-of-bounds read was addressed with improved input validation.
2
How does CVE-2021-1867 affect Apple iOS?
CVE-2021-1867 affects Apple iOS versions up to but excluding 14.5.
3
How does CVE-2021-1867 affect Apple iPadOS?
CVE-2021-1867 affects Apple iPadOS versions up to but excluding 14.5.
4
How does CVE-2021-1867 affect Apple macOS Big Sur?
CVE-2021-1867 affects Apple macOS Big Sur versions up to but excluding 11.3.
5
What is the remedy for CVE-2021-1867?
The remedy for CVE-2021-1867 is upgrading to Apple iOS 14.5, Apple iPadOS 14.5, or Apple macOS Big Sur 11.3.
6
What is the Common Weakness Enumeration (CWE) ID for CVE-2021-1867?
The CWE ID for CVE-2021-1867 is CWE-20.