NVD disclosure day
CVE-2021-30713
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A permissions issue in macOS allowed malicious applications to bypass privacy controls. This could lead to unauthorized access to sensitive data. Apple has acknowledged reports of this vulnerability being actively exploited.
CVE-2021-30666
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A buffer overflow vulnerability in Apple's iOS allows arbitrary code execution when processing malicious web content. This impacts organizations using affected devices, risking unauthorized code execution and data compromise. Apple is aware of active exploitation reports, indicating a realistic business risk of system
CVE-2021-30665
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
A memory corruption issue in Apple software could allow arbitrary code execution. This impacts systems processing specially crafted web content. The business risk involves potential compromise of system and data integrity and availability.Apple software contains a memory corruption vulnerability that could allow arbitr
CVE-2021-30663
Halo Surface Signal: 4 out of 5 — likely to be public-facing.
An integer overflow in Apple's WebKit could allow attackers to execute arbitrary code by directing systems to process crafted web content. This impacts Apple products like iOS, iPadOS, macOS, tvOS, and Safari, posing a business risk through potential unauthorized code execution.
CVE-2021-30661
Halo Surface Signal: 5 out of 5 — more likely to be public-facing.
A vulnerability in Apple's WebKit may allow for arbitrary code execution when processing malicious web content. This could affect organizations using impacted Apple devices, leading to unauthorized access or system control. Apple has stated this issue may have been actively exploited.
CVE-2021-30657
Halo Surface Signal: 1 out of 5 — much less likely to be public-facing.
A vulnerability in macOS allowed malicious applications to bypass Gatekeeper security checks. This could impact organizations by enabling unauthorized software execution. Apple is aware this issue may have been exploited and has released updates.
CVE-2021-30762
Halo Surface Signal: 3 out of 5 — possibly public-facing.
A vulnerability in iPhone operating system's web content handling could allow attackers to execute arbitrary code via malicious web content. This impacts organizations by potentially leading to unauthorized code execution on affected systems. Apple is aware this issue may have been actively exploited.
CVE-2021-30761
Halo Surface Signal: 3 out of 5 — possibly public-facing.
A memory corruption vulnerability in web content processing could allow arbitrary code execution on affected devices. This poses a business risk by enabling unauthorized code execution and potential data access. Organizations should identify affected devices and apply vendor updates to mitigate this risk.