CISA KEV Information
| Vulnerability name | Apple Multiple Products Integer Overflow or Wraparound Vulnerability |
|---|---|
| Description | Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution. |
| Required action | Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable. |
| Known ransomware campaign use | Unknown |
| CWE | CWE-190 |
| Date added (KEV) | 2026-03-05 |
| Due date | 2026-03-26 |
| Additional notes | https://support.apple.com/en-us/HT212975 ; https://support.apple.com/en-us/HT212976 ; https://support.apple.com/en-us/HT212978 ; https://support.apple.com/en-us/HT212980 ; https://support.apple.com/en-us/HT212982 ; https://nvd.nist.gov/vuln/detail/CVE-2021-30952 |
NVD Details
CVSS v3.1: 7.8 HIGH
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2.0: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P
Description: An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
CWE: CWE-190
References
- http://www.openwall.com/lists/oss-security/2022/01/21/2 [Mailing List, Third Party Advisory]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/ [Broken Link]
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/ [Broken Link]
- https://support.apple.com/en-us/HT212975 [Release Notes, Vendor Advisory]
- https://support.apple.com/en-us/HT212976 [Release Notes, Vendor Advisory]
- https://support.apple.com/en-us/HT212978 [Release Notes, Vendor Advisory]
- https://support.apple.com/en-us/HT212980 [Release Notes, Vendor Advisory]
- https://support.apple.com/en-us/HT212982 [Release Notes, Vendor Advisory]
- https://www.debian.org/security/2022/dsa-5060 [Mailing List, Third Party Advisory]
- https://www.debian.org/security/2022/dsa-5061 [Mailing List, Third Party Advisory]
This product uses the NVD API but is not endorsed or certified by the NVD.