Protect Yourself Online

The Stop. Think. Connect.™ web site contains resources and hints to help you protect yourself and your family against many online risks.

Arm yourself with the hints, tips, and techniques provided by contributors at www.stopthinkconnect.org/ and the Department of Homeland Security, and experience a safer web!

Latest Vulnerability Information

Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

MS-ISAC ADVISORY NUMBER:


2022-002

DATE(S) ISSUED:


01/05/2022

OVERVIEW:


Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:



There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:


  • Android OS builds utilizing Security Patch Levels issued prior to January 5, 2022

RISK:



Government:


  • Large and medium government entities: HIGH

  • Small government entities: HIGH

Businesses:


  • Large and medium business entities: HIGH

  • Small business entities: HIGH

Home Users: LOW


TECHNICAL SUMMARY:



Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution within the context of a privileged process. Details of these vulnerabilities are as follows:

  • Multiple vulnerabilities in Framework, the most severe of which could enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions. (CVE-2021-39630, CVE-2021-39632, CVE-2020-0338, CVE-2021-0934)
  • A vulnerability in Media Framework that could lead to remote escalation of privilege with no additional execution privileges or user interaction needed. (CVE-2021-39623)
  • Multiple vulnerabilities in System, the most severe of which could enable a local privileged attacker to install existing packages without requiring user consent. (CVE-2021-39618, CVE-2021-39620, CVE-2021-39621, CVE-2021-39622, CVE-2021-39625, CVE-2021-39626, CVE-2021-39627, CVE-2021-39629, CVE-2021-0643, CVE-2021-39628, CVE-2021-39659)
  • A vulnerability in Android Runtime that could enable a local attacker to bypass memory restrictions in order to gain access to additional permissions. (CVE-2021-0959)
  • Multiple vulnerabilities in Kernel components, the most severe of which could lead to a local escalation of privilege due to a race condition, with no additional execution privileges or user interaction needed. (CVE-2020-29368, CVE-2021-39634, CVE-2021-39633)
  • Multiple vulnerabilities in MediaTek components. (CVE-2021-31345, CVE-2021-31346, CVE-2021-31890, CVE-2021-40148, CVE-2021-31889)
  • A vulnerability in Unisoc components. (CVE-2021-1049)
  • Multiple high severity vulnerabilities in Qualcomm components. (CVE-2021-30319, CVE-2021-30353)
  • Multiple high and critical severity vulnerabilities in Qualcomm closed-source components. (CVE-2021-30285, CVE-2021-30287, CVE-2021-30300, CVE-2021-30301, CVE-2021-30307, CVE-2021-30308, CVE-2021-30311)

Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:



We recommend the following actions be taken:



  • Apply appropriate updates by Google Android or mobile carriers to vulnerable systems, immediately after appropriate testing.

  • Remind users to only download applications from trusted vendors in the Play Store.

  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.

  • Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from un-trusted sources.

REFERENCES:



CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-0338
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29368
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0643
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1049
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30287
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30301
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30307
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30308
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30311
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30319
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30353
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31345
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31346
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31889
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-31890
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39618
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39620
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39621
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39622
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39625
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39626
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39627
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39628
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39629
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39630
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39632
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39633
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39634
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-39659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40148


Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:


2022-001

DATE(S) ISSUED:


01/05/2022

OVERVIEW:


Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:



There are no reports that these vulnerabilities are being exploited in the wild.

SYSTEMS AFFECTED:


  • Google Chrome versions prior to 97.0.4692.71

RISK:



Government:


  • Large and medium government entities: HIGH

  • Small government entities: MEDIUM

Businesses:


  • Large and medium business entities: HIGH

  • Small business entities: MEDIUM

Home Users: LOW


TECHNICAL SUMMARY:



Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows:

  • Use after free in Storage. (CVE-2022-0096)
  • Inappropriate implementation in DevTools. (CVE-2022-0097)
  • Use after free in Screen Capture. (CVE-2022-0098)
  • Use after free in Sign-in. (CVE-2022-0099)
  • Heap buffer overflow in Media streams API. (CVE-2022-0100)
  • Heap buffer overflow in Bookmarks. (CVE-2022-0101)
  • Type Confusion in V8. (CVE-2022-0102)
  • Use after free in SwiftShader. (CVE-2022-0103)
  • Heap buffer overflow in ANGLE. (CVE-2022-0104)
  • Use after free in PDF. (CVE-2022-0105)
  • Use after free in Autofill. (CVE-2022-0106)
  • Use after free in File Manager API. (CVE-2022-0107)
  • Inappropriate implementation in Navigation. (CVE-2022-0108)
  • Inappropriate implementation in Autofill. (CVE-2022-0109)
  • Incorrect security UI in Autofill. (CVE-2022-0110)
  • Inappropriate implementation in Navigation. (CVE-2022-0111)
  • Incorrect security UI in Browser UI. (CVE-2022-0112)
  • Inappropriate implementation in Blink. (CVE-2022-0113)
  • Out of bounds memory access in Web Serial. (CVE-2022-0114)
  • Uninitialized Use in File API. (CVE-2022-0115)
  • Inappropriate implementation in Compositing. (CVE-2022-0116)
  • Policy bypass in Service Workers. (CVE-2022-0117)
  • Inappropriate implementation in WebShare. (CVE-2022-0118)
  • Inappropriate implementation in Passwords. (CVE-2022-0120)

Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:



We recommend the following actions be taken:



  • Apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing.

  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from un-trusted sources.

  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:



Multiple Vulnerabilities in Adobe Products could allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:


2021-162

DATE(S) ISSUED:


12/14/2021

OVERVIEW:


Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for Arbitrary Code Execution.



  • Premiere Rush is a video editor.

  • Experience Manager is a comprehensive content management solution for building websites, mobile apps and forms.

  • Connect is a suite of software for remote training, web conferencing, presentation, and desktop sharing.

  • Photoshop is a graphics editor.

  • Prelude software is a video ingest and logging tool that helps you quickly tag and transcode raw footage from file-based cameras.

  • After Effects is a graphics and visual effects software.

  • Dimension is a 3D rendering and design software.

  • Premiere Pro is a video editing and manipulation software.

  • Media Encoder is software that provides media content over the internet.

  • Lightroom is an image organization and manipulation tool.

  • Audition is a professional audio editing application that includes a non-destructive mixing and editing environment.


Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

THREAT INTELLIGENCE:



There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:


  • Adobe Premiere Rush 1.5.16 and earlier versions for Windows

  • Adobe Experience Manager 6.5.10.0 and earlier versions for all platforms

  • Adobe Connect 11.3 and earlier versions for all platforms

  • Adobe Photoshop 2021 22.5.3 and earlier versions for Windows and macOS

  • Adobe Photoshop 2022 23.0.2 and earlier versions for Windows and macOS

  • Adobe Prelude 22.0 and earlier versions for Windows

  • Adobe After Effects 22.0 and earlier versions for Windows and macOS

  • Adobe After Effects 18.4.2 and earlier versions for Windows and macOS

  • Adobe Dimension 3.4.3 and earlier versions for Windows and macOS

  • Adobe Premiere Pro 22.0 and earlier versions for Windows and macOS

  • Adobe Premiere Pro 15.4.2 and earlier versions for Windows and macOS

  • Adobe Media Encoder 22.0 and earlier versions for Windows and macOS

  • Adobe Media Encoder 15.4.2 and earlier versions for Windows and macOS

  • Adobe Lightroom 4.4 and earlier versions for Windows

  • Adobe Audition 22.0 and earlier versions for Windows and macOS

  • Adobe Audition 14.4 and earlier versions for Windows and macOS

RISK:



Government:


  • Large and medium government entities: HIGH

  • Small government entities: MEDIUM

Businesses:


  • Large and medium business entities: HIGH

  • Small business entities: MEDIUM

Home Users: LOW


TECHNICAL SUMMARY:



Multiple vulnerabilities have been discovered in Adobe Products, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:

Adobe Premiere Rush

  • Access of Memory Location After End of Buffer, which could allow for arbitrary code execution. (CVE-2021-40783, CVE-2021-40784, CVE-2021-43021, CVE-2021-43022, CVE-2021-43023, CVE-2021-43024, CVE-2021-43025, CVE-2021-43026, CVE-2021-43028, CVE-2021-43029, CVE-2021-43747)
  • Access of Uninitialized Pointer, which could allow for privilege escalation. (CVE-2021-43030)
  • Improper Input Validation, which could allow for arbitrary code execution. (CVE-2021-43746)
  • NULL Pointer Dereference, which could allow for application denial-of-service. (CVE-2021-43748, CVE-2021-43749, CVE-2021-43750)

Adobe Experience Manager

  • Cross-site Scripting (XSS), which could allow for arbitrary code execution. (CVE-2021-43761, CVE-2021-43764)
  • Improper Restriction of XML External Entity Reference (‘XXE’), which could allow for arbitrary code execution. (CVE-2021-40722)
  • Improper Input Validation, which could allow for security feature bypass. (CVE-2021-43762)
  • Cross-site Scripting (Stored XSS), which could allow for arbitrary code execution. (CVE-2021-43765, CVE-2021-44176, CVE-2021-44177)
  • Cross-site Scripting (Reflected XSS), which could allow for arbitrary code execution. (CVE-2021-44178)

Adobe Connect

  • Cross-Site Request Forgery (CSRF), which could allow for arbitrary file system write. (CVE-2021-43014)

Adobe Photoshop

  • Out-of-bounds Write, which could allow for arbitrary code execution. (CVE-2021-43018)
  • Access of Memory Location After End of Buffer, which could allow for a memory leak. (CVE-2021-43020)
  • Buffer Overflow, which could allow for arbitrary code execution. (CVE-2021-44184)

Adobe Prelude

  • Access of Memory Location After End of Buffer, which could allow for arbitrary code execution. (CVE-2021-43754)
  • Out-of-bounds Read, which could allow for privilege escalation. (CVE-2021-44696)

Adobe After Effects

  • Access of Memory Location After End of Buffer, which could allow for arbitrary code execution. (CVE-2021-43755)
  • Out-of-bounds Read, which could allow for arbitrary code execution. (CVE-2021-44188)
  • Use After Free, which could allow for privilege escalation. (CVE-2021-44189)
  • Out-of-bounds Read, which could allow for privilege escalation. (CVE-2021-44190, CVE-2021-44191, CVE-2021-44192, CVE-2021-44193, CVE-2021-44194, CVE-2021-44195, CVE-2021-43027)

Adobe Dimension

  • Out-of-bounds Read, which could allow for privilege escalation. (CVE-2021-43763)
  • Access of Memory Location After End of Buffer, which could allow for arbitrary code execution. (CVE-2021-44179)
  • Out-of-bounds Write, which could allow for arbitrary code execution. (CVE-2021-44180, CVE-2021-44181, CVE-2021-44182, CVE-2021-44183)

Adobe Premiere Pro

  • Out-of-bounds Read, which could allow for privilege escalation. (CVE-2021-43751, CVE-2021-40791, CVE-2021-40795, CVE-2021-42265)
  • Use After Free, which could allow for privilege escalation. (CVE-2021-40790)

Adobe Media Encoder

  • Access of Memory Location After End of Buffer, which could allow for arbitrary code execution. (CVE-2021-43756)
  • Out-of-bounds Read, which could allow for arbitrary code execution. (CVE-2021-43757, CVE-2021-43758, CVE-2021-43759, CVE-2021-43760)

Adobe Lightroom

  • Use After Free, which could allow for privilege escalation. (CVE-2021-43753)

Adobe Audition

  • Out-of-bounds Read, which could allow for privilege escalation. (CVE-2021-44697, CVE-2021-44698, CVE-2021-44699)

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

RECOMMENDATIONS:



We recommend the following actions be taken:



  • Install the updates provided by Adobe immediately after appropriate testing.

  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from un-trusted sources.

  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:



CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43757
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44699


Multiple Vulnerabilities in Adobe Products could allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:


2021-163

DATE(S) ISSUED:


12/14/2021

OVERVIEW:


Multiple vulnerabilities have been discovered in Adobe products, the most severe of which could allow for Arbitrary Code Execution.



  • Premiere Rush is a video editor.

  • Experience Manager is a comprehensive content management solution for building websites, mobile apps and forms.

  • Connect is a suite of software for remote training, web conferencing, presentation, and desktop sharing.

  • Photoshop is a graphics editor.

  • Prelude software is a video ingest and logging tool that helps you quickly tag and transcode raw footage from file-based cameras.

  • After Effects is a graphics and visual effects software.

  • Dimension is a 3D rendering and design software.

  • Premiere Pro is a video editing and manipulation software.

  • Media Encoder is software that provides media content over the internet.

  • Lightroom is an image organization and manipulation tool.

  • Audition is a professional audio editing application that includes a non-destructive mixing and editing environment.


Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

THREAT INTELLIGENCE:



There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:


  • Adobe Premiere Rush 1.5.16 and earlier versions for Windows

  • Adobe Experience Manager 6.5.10.0 and earlier versions for all platforms

  • Adobe Connect 11.3 and earlier versions for all platforms

  • Adobe Photoshop 2021 22.5.3 and earlier versions for Windows and macOS

  • Adobe Photoshop 2022 23.0.2 and earlier versions for Windows and macOS

  • Adobe Prelude 22.0 and earlier versions for Windows

  • Adobe After Effects 22.0 and earlier versions for Windows and macOS

  • Adobe After Effects 18.4.2 and earlier versions for Windows and macOS

  • Adobe Dimension 3.4.3 and earlier versions for Windows and macOS

  • Adobe Premiere Pro 22.0 and earlier versions for Windows and macOS

  • Adobe Premiere Pro 15.4.2 and earlier versions for Windows and macOS

  • Adobe Media Encoder 22.0 and earlier versions for Windows and macOS

  • Adobe Media Encoder 15.4.2 and earlier versions for Windows and macOS

  • Adobe Lightroom 4.4 and earlier versions for Windows

  • Adobe Audition 22.0 and earlier versions for Windows and macOS

  • Adobe Audition 14.4 and earlier versions for Windows and macOS

RISK:



Government:


  • Large and medium government entities: HIGH

  • Small government entities: MEDIUM

Businesses:


  • Large and medium business entities: HIGH

  • Small business entities: MEDIUM

Home Users: LOW


TECHNICAL SUMMARY:



Multiple vulnerabilities have been discovered in Adobe Products, the most severe of which could allow for arbitrary code execution. Details of these vulnerabilities are as follows:

Adobe Premiere Rush

  • Access of Memory Location After End of Buffer, which could allow for arbitrary code execution. (CVE-2021-40783, CVE-2021-40784, CVE-2021-43021, CVE-2021-43022, CVE-2021-43023, CVE-2021-43024, CVE-2021-43025, CVE-2021-43026, CVE-2021-43028, CVE-2021-43029, CVE-2021-43747)
  • Access of Uninitialized Pointer, which could allow for privilege escalation. (CVE-2021-43030)
  • Improper Input Validation, which could allow for arbitrary code execution. (CVE-2021-43746)
  • NULL Pointer Dereference, which could allow for application denial-of-service. (CVE-2021-43748, CVE-2021-43749, CVE-2021-43750)

Adobe Experience Manager

  • Cross-site Scripting (XSS), which could allow for arbitrary code execution. (CVE-2021-43761, CVE-2021-43764)
  • Improper Restriction of XML External Entity Reference (‘XXE’), which could allow for arbitrary code execution. (CVE-2021-40722)
  • Improper Input Validation, which could allow for security feature bypass. (CVE-2021-43762)
  • Cross-site Scripting (Stored XSS), which could allow for arbitrary code execution. (CVE-2021-43765, CVE-2021-44176, CVE-2021-44177)
  • Cross-site Scripting (Reflected XSS), which could allow for arbitrary code execution. (CVE-2021-44178)

Adobe Connect

  • Cross-Site Request Forgery (CSRF), which could allow for arbitrary file system write. (CVE-2021-43014)

Adobe Photoshop

  • Out-of-bounds Write, which could allow for arbitrary code execution. (CVE-2021-43018)
  • Access of Memory Location After End of Buffer, which could allow for a memory leak. (CVE-2021-43020)
  • Buffer Overflow, which could allow for arbitrary code execution. (CVE-2021-44184)

Adobe Prelude

  • Access of Memory Location After End of Buffer, which could allow for arbitrary code execution. (CVE-2021-43754)
  • Out-of-bounds Read, which could allow for privilege escalation. (CVE-2021-44696)

Adobe After Effects

  • Access of Memory Location After End of Buffer, which could allow for arbitrary code execution. (CVE-2021-43755)
  • Out-of-bounds Read, which could allow for arbitrary code execution. (CVE-2021-44188)
  • Use After Free, which could allow for privilege escalation. (CVE-2021-44189)
  • Out-of-bounds Read, which could allow for privilege escalation. (CVE-2021-44190, CVE-2021-44191, CVE-2021-44192, CVE-2021-44193, CVE-2021-44194, CVE-2021-44195, CVE-2021-43027)

Adobe Dimension

  • Out-of-bounds Read, which could allow for privilege escalation. (CVE-2021-43763)
  • Access of Memory Location After End of Buffer, which could allow for arbitrary code execution. (CVE-2021-44179)
  • Out-of-bounds Write, which could allow for arbitrary code execution. (CVE-2021-44180, CVE-2021-44181, CVE-2021-44182, CVE-2021-44183)

Adobe Premiere Pro

  • Out-of-bounds Read, which could allow for privilege escalation. (CVE-2021-43751, CVE-2021-40791, CVE-2021-40795, CVE-2021-42265)
  • Use After Free, which could allow for privilege escalation. (CVE-2021-40790)

Adobe Media Encoder

  • Access of Memory Location After End of Buffer, which could allow for arbitrary code execution. (CVE-2021-43756)
  • Out-of-bounds Read, which could allow for arbitrary code execution. (CVE-2021-43757, CVE-2021-43758, CVE-2021-43759, CVE-2021-43760)

Adobe Lightroom

  • Use After Free, which could allow for privilege escalation. (CVE-2021-43753)

Adobe Audition

  • Out-of-bounds Read, which could allow for privilege escalation. (CVE-2021-44697, CVE-2021-44698, CVE-2021-44699)

Successful exploitation of the most severe of these vulnerabilities could allow for arbitrary code execution. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

RECOMMENDATIONS:



We recommend the following actions be taken:



  • Install the updates provided by Adobe immediately after appropriate testing.

  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

  • Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from un-trusted sources.

  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:



CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40722
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40783
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40790
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40791
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-40795
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-42265
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43014
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43018
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43020
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43021
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43022
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43023
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43024
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43025
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43026
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43027
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43028
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43029
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43030
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43746
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43747
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43748
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43749
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43750
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43751
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43753
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43754
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43755
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43756
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43757
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43758
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43759
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43760
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43761
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43762
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43763
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43764
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-43765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44176
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44177
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44178
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44179
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44180
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44181
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44182
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44183
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44184
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44188
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44189
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44190
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44191
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44192
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44193
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44194
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44195
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44696
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44697
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44698
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-44699


Critical Patches Issued for Microsoft Products, December 14, 2021


MS-ISAC ADVISORY NUMBER:


2021-161

DATE(S) ISSUED:


12/14/2021

OVERVIEW:


Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution in the context of the logged on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

THREAT INTELLIGENCE:



There are currently reports of CVE-2021-43890 being exploited in the wild to spread malware such as Emotet, Trickbot, and Bazaloader.

SYSTEMS AFFECTED:


  • Apps

  • ASP.NET Core & Visual Studio

  • Azure Bot Framework SDK

  • BizTalk ESB Toolkit

  • Internet Storage Name Service

  • Microsoft Defender for IoT

  • Microsoft Devices

  • Microsoft Edge (Chromium-based)

  • Microsoft Local Security Authority Server (lsasrv)

  • Microsoft Message Queuing

  • Microsoft Office

  • Microsoft Office Access

  • Microsoft Office Excel

  • Microsoft Office SharePoint

  • Microsoft PowerShell

  • Microsoft Windows Codecs Library

  • Office Developer Platform

  • Remote Desktop Client

  • Role: Windows Fax Service

  • Role: Windows Hyper-V

  • Visual Studio Code

  • Visual Studio Code – WSL Extension

  • Windows Common Log File System Driver

  • Windows Digital TV Tuner

  • Windows DirectX

  • Windows Encrypting File System (EFS)

  • Windows Event Tracing

  • Windows Installer

  • Windows Kernel

  • Windows Media

  • Windows Mobile Device Management

  • Windows NTFS

  • Windows Print Spooler Components

  • Windows Remote Access Connection Manager

  • Windows Storage

  • Windows Storage Spaces Controller

  • Windows SymCrypt

  • Windows TCP/IP

  • Windows Update Stack

RISK:



Government:


  • Large and medium government entities: HIGH

  • Small government entities: MEDIUM

Businesses:


  • Large and medium business entities: HIGH

  • Small business entities: MEDIUM

Home Users:
LOW


TECHNICAL SUMMARY:



Multiple vulnerabilities have been discovered in Microsoft products, the most severe of which could allow for remote code execution.

A full list of all vulnerabilities can be found at the link below:
https://msrc.microsoft.com/update-guide

Successful exploitation of the most severe of these vulnerabilities could result in an attacker gaining the same privileges as the logged-on user. Depending on the privileges associated with the user, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. Users whose accounts are configured to have fewer user rights on the system could be less impacted than those who operate with administrative user rights.

RECOMMENDATIONS:



We recommend the following actions be taken:



  • Apply appropriate patches or appropriate mitigations provided by Microsoft to vulnerable systems immediately after appropriate testing.

  • Apply the Principle of Least Privilege to all systems and services, and run all software as a non-privileged user (one without administrative rights) to diminish the effects of a successful attack.

  • Remind all users not to visit untrusted websites or follow links/open files provided by unknown or untrusted sources.

REFERENCES:






Multiple Vulnerabilities in Apple Products Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:


2021-160

DATE(S) ISSUED:


12/14/2021

OVERVIEW:


Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution.



  • iOS is a mobile operating system for mobile devices, including the iPhone, iPad, and iPod touch.

  • iPadOS is the successor to iOS 12 and is a mobile operating system for iPads.

  • macOS Monterey is the 18th and current major release of macOS.

  • macOS Big Sur is the 17th release of macOS.

  • macOS Catalina is the 16th major release of macOS.

  • watchOS is the mobile operating system for Apple Watch and is based on the iOS operating system.

  • tvOS is an operating system for fourth-generation Apple TV digital media player.


Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

THREAT INTELLIGENCE:



There are no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:


  • iOS and iPadOS prior to 15.2

  • macOS Monterey prior to 12.1

  • macOS Big Sur prior to 11.6.2

  • macOS Catalina prior to security update 2021-008

  • watchOS prior to 8.3

  • tvOS prior to 15.2

RISK:



Government:


  • Large and medium government entities: HIGH

  • Small government entities: MEDIUM

Businesses:


  • Large and medium business entities: HIGH

  • Small business entities: MEDIUM

Home Users:
LOW


TECHNICAL SUMMARY:



Multiple vulnerabilities have been discovered in Apple Products, the most severe of which could allow for arbitrary code execution in the context of the affected user. Details of these vulnerabilities are as follows:

  • iOS 15.2 and iPadOS 15.2
    o Audio
      ▪ Parsing a maliciously crafted audio file may lead to disclosure of user information. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30960)
    o CFNetwork Proxies
      ▪ User traffic might unexpectedly be leaked to a proxy server despite PAC configurations. A logic issue was addressed with improved state management. (CVE-2021-30966)
    o ColorSync
      ▪ Processing a maliciously crafted image may lead to arbitrary code execution. A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. (CVE-2021-30926, CVE-2021-30942)
    o CoreAudio
      ▪ Processing a maliciously crafted audio file may lead to arbitrary code execution. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30957)
      ▪ Playing a malicious audio file may lead to arbitrary code execution. An out-of-bounds read was addressed with improved input validation. (CVE-2021-30958)
    o Crash Reporter
      ▪ A local attacker may be able to elevate their privileges. This issue was addressed with improved checks. (CVE-2021-30945)
    o FaceTime
      ▪ A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata. This issue was addressed with improved handling of file metadata. (CVE-2021-30992)
    o ImageIO
      ▪ Processing a maliciously crafted image may lead to arbitrary code execution. An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30939)
    o IOMobileFrameBuffer
      ▪ A malicious application may be able to execute arbitrary code with kernel privileges.
        i. A race condition was addressed with improved state handling. (CVE-2021-30996)
        ii. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30983)
        iii. An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2021-30985)
        iv. An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30991)
    o Kernel
      ▪ A malicious application may be able to execute arbitrary code with kernel privileges.
        i. A use after free issue was addressed with improved memory management. (CVE-2021-30937)
        ii. A memory corruption issue was addressed with improved state management. (CVE-2021-30949)
        iii. A race condition was addressed with improved state handling. (CVE-2021-30955)
      ▪ An application may be able to execute arbitrary code with kernel privileges. A use after free issue was addressed with improved memory management. (CVE-2021-30927, CVE-2021-30980)
      ▪ An attacker in a privileged network position may be able to execute arbitrary code. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30993)
    o Model I/O
      ▪ Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
        i. An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2021-30971)
        ii. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30979)
      ▪ Processing a maliciously crafted file may disclose user information. An out-of-bounds read was addressed with improved input validation. (CVE-2021-30973)
      ▪ Processing a maliciously crafted USD file may disclose memory contents.
        i. An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2021-30929)
        ii. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30940, CVE-2021-30941)
    o NetworkExtension
      ▪ A local attacker may be able to read sensitive information. A permissions issue was addressed with improved validation. (CVE-2021-30967)
      ▪ A malicious application may be able to identify what other applications a user has installed. A permissions issue was addressed with improved validation. (CVE-2021-30988)
    o Notes
      ▪ A person with physical access to an iOS device may be able to access contacts from the lock screen. The issue was addressed with improved permissions logic. (CVE-2021-30932)
    o Password Manager
      ▪ A person with physical access to an iOS device may be able to access stored passwords without authentication. An inconsistent user interface issue was addressed with improved state management. (CVE-2021-30948)
    o Preferences
      ▪ A malicious application may be able to elevate privileges. A race condition was addressed with improved state handling. (CVE-2021-30995)
    o Sandbox
      ▪ A malicious application may be able to bypass certain Privacy preferences.
        i. A validation issue related to hard link behavior was addressed with improved sandbox restrictions. (CVE-2021-30968)
        ii. A logic issue was addressed with improved restrictions. (CVE-2021-30946)
      ▪ An application may be able to access a user’s files. An access issue was addressed with additional sandbox restrictions. (CVE-2021-30947)
    o TCC
      ▪ A local user may be able to modify protected parts of the file system. A logic issue was addressed with improved state management. (CVE-2021-30767)
      ▪ A malicious application may be able to bypass Privacy preferences. An inherited permissions issue was addressed with additional restrictions. (CVE-2021-30964)
    o WebKit
      ▪ Processing maliciously crafted web content may lead to arbitrary code execution.
        i. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30934)
        ii. A use after free issue was addressed with improved memory management. (CVE-2021-30936, CVE-2021-30951)
        iii. An integer overflow was addressed with improved input validation. (CVE-2021-30952)
        iv. A race condition was addressed with improved state handling. (CVE-2021-30984)
        v. An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30953)
        vi. A type confusion issue was addressed with improved memory handling. (CVE-2021-30954)

  • macOS Monterey 12.1
    o Airport
      ▪ A device may be passively tracked via BSSIDs. An access issue was addressed with improved access restrictions. (CVE-2021-30987)
    o Archive Utility
      ▪ A malicious application may bypass Gatekeeper checks. A logic issue was addressed with improved state management. (CVE-2021-30950)
    o Audio
      ▪ Parsing a maliciously crafted audio file may lead to disclosure of user information. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30960)
    o Bluetooth
      ▪ A device may be passively tracked by its Bluetooth MAC address. A device configuration issue was addressed with an updated configuration. (CVE-2021-30986)
    o CFNetwork Proxies
      ▪ User traffic might unexpectedly be leaked to a proxy server despite PAC configurations. A logic issue was addressed with improved state management. (CVE-2021-30966)
    o ColorSync
      ▪ Processing a maliciously crafted image may lead to arbitrary code execution. A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. (CVE-2021-30926, CVE-2021-30942)
    o CoreAudio
      ▪ Processing a maliciously crafted audio file may lead to arbitrary code execution. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30957)
      ▪ Playing a malicious audio file may lead to arbitrary code execution. An out-of-bounds read was addressed with improved input validation. (CVE-2021-30958)
    o Crash Reporter
      ▪ A local attacker may be able to elevate their privileges. This issue was addressed with improved checks. (CVE-2021-30945)
    o Graphics Drivers
      ▪ A malicious application may be able to execute arbitrary code with kernel privileges. A buffer overflow was addressed with improved bounds checking. (CVE-2021-30977)
    o ImageIO
      ▪ Processing a maliciously crafted image may lead to arbitrary code execution. An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30939)
    o Intel Graphics Driver
      ▪ An application may be able to execute arbitrary code with kernel privileges. A buffer overflow was addressed with improved bounds checking. (CVE-2021-30981)
    o IOMobileFrameBuffer
      ▪ A malicious application may be able to execute arbitrary code with kernel privileges. A race condition was addressed with improved state handling. (CVE-2021-30996)
    o IOUSBHostFamily
      ▪ A remote attacker may be able to cause unexpected application termination or heap corruption. A race condition was addressed with improved locking. (CVE-2021-30982)
    o Kernel
      ▪ A malicious application may be able to execute arbitrary code with kernel privileges.
        i. A memory corruption vulnerability was addressed with improved locking. (CVE-2021-30937)
        ii. A memory corruption issue was addressed with improved state management. (CVE-2021-30949)
        iii. A race condition was addressed with improved state handling. (CVE-2021-30955)
      ▪ An application may be able to execute arbitrary code with kernel privileges. A use after free issue was addressed with improved memory management. (CVE-2021-30927, CVE-2021-30980)
      ▪ An attacker in a privileged network position may be able to execute arbitrary code. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30993)
    o LaunchServices
      ▪ A malicious application may bypass Gatekeeper checks.
        i. A logic issue was addressed with improved state management. (CVE-2021-30976)
        ii. A logic issue was addressed with improved validation. (CVE-2021-30990)
    o Model I/O
      ▪ Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
        i. An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2021-30971)
        ii. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30979)
      ▪ Processing a maliciously crafted file may disclose user information. An out-of-bounds read was addressed with improved input validation. (CVE-2021-30973)
      ▪ Processing a maliciously crafted USD file may disclose memory contents.
        i. An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2021-30929)
        ii. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30940, CVE-2021-30941)
    o Preferences
      ▪ A malicious application may be able to elevate privileges. A race condition was addressed with improved state handling. (CVE-2021-30995)
    o Sandbox
      ▪ A malicious application may be able to bypass certain Privacy preferences.
        i. A validation issue related to hard link behavior was addressed with improved sandbox restrictions. (CVE-2021-30968)
        ii. A logic issue was addressed with improved restrictions. (CVE-2021-30946)
      ▪ An application may be able to access a user’s files. An access issue was addressed with additional sandbox restrictions. (CVE-2021-30947)
    o Script Editor
      ▪ A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions. This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. (CVE-2021-30975)
    o TCC
      ▪ A local user may be able to modify protected parts of the file system. A logic issue was addressed with improved state management. (CVE-2021-30767)
      ▪ A malicious application may be able to bypass Privacy preferences.
        i. An inherited permissions issue was addressed with additional restrictions. (CVE-2021-30964)
        ii. A logic issue was addressed with improved state management. (CVE-2021-30970)
      ▪ A malicious application may be able to cause a denial of service to Endpoint Security clients. A logic issue was addressed with improved state management. (CVE-2021-30965)
    o WebKit
      ▪ Processing maliciously crafted web content may lead to arbitrary code execution.
        i. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30934)
        ii. A use after free issue was addressed with improved memory management. (CVE-2021-30936, CVE-2021-30951)
        iii. An integer overflow was addressed with improved input validation. (CVE-2021-30952)
        iv. A race condition was addressed with improved state handling. (CVE-2021-30984)
        v. An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30953)
        vi. A type confusion issue was addressed with improved memory handling. (CVE-2021-30954)
    o Wi-Fi
      ▪ A local user may be able to cause unexpected system termination or read kernel memory. This issue was addressed with improved checks. (CVE-2021-30938)

  • macOS Big Sur 11.6.2 and 2021-008 Catalina
    o Archive Utility
      ▪ A malicious application may bypass Gatekeeper checks. A logic issue was addressed with improved state management. (CVE-2021-30950)
    o Bluetooth
      ▪ A malicious application may be able to disclose kernel memory. A logic issue was addressed with improved validation. (CVE-2021-30931)
      ▪ An application may be able to execute arbitrary code with kernel privileges. A logic issue was addressed with improved validation. (CVE-2021-30935)
    o ColorSync
      ▪ Processing a maliciously crafted image may lead to arbitrary code execution. A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. (CVE-2021-30942)
    o CoreAudio
      ▪ Playing a malicious audio file may lead to arbitrary code execution. An out-of-bounds read was addressed with improved input validation. (CVE-2021-30958)
      ▪ Parsing a maliciously crafted audio file may lead to disclosure of user information. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30959, CVE-2021-30961, CVE-2021-30963)
    o Crash Reporter
      ▪ A local attacker may be able to elevate their privileges. This issue was addressed with improved checks. (CVE-2021-30945)
    o Graphics Drivers
      ▪ A malicious application may be able to execute arbitrary code with kernel privileges. A buffer overflow was addressed with improved bounds checking. (CVE-2021-30977)
    o Help Viewer
      ▪ Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk. A path handling issue was addressed with improved validation. (CVE-2021-30969)
    o ImageIO
      ▪ Processing a maliciously crafted image may lead to arbitrary code execution. An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30939)
    o Intel Graphics Driver
      ▪ An application may be able to execute arbitrary code with kernel privileges. A buffer overflow was addressed with improved bounds checking. (CVE-2021-30981)
    o IOUSBHostFamily
      ▪ A remote attacker may be able to cause unexpected application termination or heap corruption. A race condition was addressed with improved locking. (CVE-2021-30982)
    o Kernel
      ▪ An application may be able to execute arbitrary code with kernel privileges. A use after free issue was addressed with improved memory management. (CVE-2021-30927, CVE-2021-30980)
      ▪ A malicious application may be able to execute arbitrary code with kernel privileges.
        i. A memory corruption vulnerability was addressed with improved locking. (CVE-2021-30937)
        ii. A memory corruption issue was addressed with improved state management. (CVE-2021-30949)
    o Launch Services
      ▪ A malicious application may bypass Gatekeeper checks.
        i. A logic issue was addressed with improved validation. (CVE-2021-30990)
        ii. A logic issue was addressed with improved state management. (CVE-2021-30976)
    o Model I/O
      ▪ Processing a maliciously crafted USD file may disclose memory contents.
        i. An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2021-30929)
        ii. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30940, CVE-2021-30941)
      ▪ Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution.
        i. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30979)
        ii. An out-of-bounds write issue was addressed with improved bounds checking. (CVE-2021-30971)
      ▪ Processing a maliciously crafted file may disclose user information. An out-of-bounds read was addressed with improved input validation. (CVE-2021-30973)
    o Preferences
      ▪ A malicious application may be able to elevate privileges. A race condition was addressed with improved state handling. (CVE-2021-30995)
    o Sandbox
      ▪ A malicious application may be able to bypass certain Privacy preferences. A validation issue related to hard link behavior was addressed with improved sandbox restrictions. (CVE-2021-30968)
    o Script Editor
      ▪ A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions. This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. (CVE-2021-30975)
    o TCC
      ▪ A local user may be able to modify protected parts of the file system. A logic issue was addressed with improved state management. (CVE-2021-30767)
      ▪ A malicious application may be able to cause a denial of service to Endpoint Security clients. A logic issue was addressed with improved state management. (CVE-2021-30965)
    o Wi-Fi
      ▪ A local user may be able to cause unexpected system termination or read kernel memory. This issue was addressed with improved checks. (CVE-2021-30938)

  • watchOS 8.3 and tvOS 15.2
    o Audio
      ▪ Parsing a maliciously crafted audio file may lead to disclosure of user information. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30960)
    o CFNetwork Proxies
      ▪ User traffic might unexpectedly be leaked to a proxy server despite PAC configurations. A logic issue was addressed with improved state management. (CVE-2021-30966)
    o ColorSync
      ▪ Processing a maliciously crafted image may lead to arbitrary code execution. A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. (CVE-2021-30926, CVE-2021-30942)
    o CoreAudio
      ▪ Processing a maliciously crafted audio file may lead to arbitrary code execution. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30957)
      ▪ Playing a malicious audio file may lead to arbitrary code execution. An out-of-bounds read was addressed with improved input validation. (CVE-2021-30958)
    o Crash Reporter
      ▪ A local attacker may be able to elevate their privileges.
        i. This issue was addressed with improved checks. (CVE-2021-30945)
    o ImageIO
      ▪ Processing a maliciously crafted image may lead to arbitrary code execution. An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30939)
    o Kernel
      ▪ A malicious application may be able to execute arbitrary code with kernel privileges.
        i. A memory corruption issue was addressed with improved memory handling. (CVE-2021-30916)
        ii. A memory corruption vulnerability was addressed with improved locking. (CVE-2021-30937)
        iii. A use after free issue was addressed with improved memory management. (CVE-2021-30927, CVE-2021-30980)
        iv. A memory corruption issue was addressed with improved state management. (CVE-2021-30949)
      ▪ An attacker in a privileged network position may be able to execute arbitrary code. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30993)
      ▪ A malicious application may be able to execute arbitrary code with kernel privileges. A race condition was addressed with improved state handling. (CVE-2021-30955)
    o Preferences
      ▪ A malicious application may be able to elevate privileges. A race condition was addressed with improved state handling. (CVE-2021-30995)
    o Sandbox
      ▪ A malicious application may be able to bypass certain Privacy preferences.
        i. A validation issue related to hard link behavior was addressed with improved sandbox restrictions. (CVE-2021-30968)
        ii. A logic issue was addressed with improved restrictions. (CVE-2021-30946)
      ▪ An application may be able to access a user’s files. An access issue was addressed with additional sandbox restrictions. (CVE-2021-30947)
    o TCC
      ▪ A local user may be able to modify protected parts of the file system. A logic issue was addressed with improved state management. (CVE-2021-30767)
      ▪ A malicious application may be able to bypass Privacy preferences. An inherited permissions issue was addressed with additional restrictions. (CVE-2021-30964)
    o WebKit
      ▪ Processing maliciously crafted web content may lead to arbitrary code execution.
        i. A buffer overflow issue was addressed with improved memory handling. (CVE-2021-30934)
        ii. A use after free issue was addressed with improved memory management. (CVE-2021-30936, CVE-2021-30951)
        iii. An integer overflow was addressed with improved input validation. (CVE-2021-30952)
        iv. A race condition was addressed with improved state handling. (CVE-2021-30984)
        v. An out-of-bounds read was addressed with improved bounds checking. (CVE-2021-30953)
        vi. A type confusion issue was addressed with improved memory handling. (CVE-2021-30954)

Successful exploitation of the most severe of these vulnerabilities could result in arbitrary code execution within the context of the application, an attacker gaining the same privileges as the logged-on user, or the bypassing of security restrictions. Depending on the permission associated with the application running the exploit, an attacker could then install programs; view, change, or delete data.

RECOMMENDATIONS:



We recommend the following actions be taken:



  • Apply appropriate patches provided by Apple to vulnerable systems immediately after appropriate testing.

  • Run all software as a nonprivileged user (one without administrative privileges) to diminish the effects of a successful attack.

  • Remind users not to download, accept or execute files from untrusted and unknown sources.

  • Remind users not to visit untrusted websites or follow links provided by untrusted or unknown sources.

  • Evaluate read, write, and execute permissions on all newly installed software.

  • Apply the Principle of Least Privilege to all systems and services.

REFERENCES:



CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30985
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30948
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30767


Multiple Vulnerabilities in Google Chrome Could Allow for Arbitrary Code Execution

MS-ISAC ADVISORY NUMBER:


2021-159

DATE(S) ISSUED:


12/14/2021

OVERVIEW:


Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Google Chrome is a web browser used to access the Internet. Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:



There are reports that an exploit for CVE-2021-4102 exists in the wild.

SYSTEMS AFFECTED:


  • Google Chrome versions prior to 96.0.4664.110

RISK:



Government:


  • Large and medium government entities: HIGH

  • Small government entities: MEDIUM

Businesses:


  • Large and medium business entities: HIGH

  • Small business entities: MEDIUM

Home Users:
LOW


TECHNICAL SUMMARY:



Multiple vulnerabilities have been discovered in Google Chrome, the most severe of which could allow for arbitrary code execution. Details of the vulnerabilities are as follows:

  • Insufficient data validation in Mojo. (CVE-2021-4098)
  • Use after free in Swiftshader. (CVE-2021-4099)
  • Object lifecycle issue in ANGLE. (CVE-2021-4100)
  • Heap buffer overflow in Swiftshader. (CVE-2021-4101)
  • Use after free in V8. (CVE-2021-4102)

Successful exploitation of the most severe of these vulnerabilities could allow an attacker to execute arbitrary code in the context of the browser. Depending on the privileges associated with the application, an attacker could view, change, or delete data. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:



We recommend the following actions be taken:



  • Apply the stable channel update provided by Google to vulnerable systems immediately after appropriate testing.

  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.

  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.

  • Inform and educate users regarding the threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.

  • Apply the Principle of Least Privilege to all systems and services.
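The following is an added example, not part of the MS-ISAC advisory: a small inventory triage that flags hosts running a Chrome build older than the fixed version 96.0.4664.110 named above. The hostnames, the sample versions, and the function names are constructed for illustration; the point it shows is that version strings must be compared numerically, because a plain string comparison misjudges a build such as 96.0.4664.93.

```python
import re

FIXED_CHROME = "96.0.4664.110"  # fixed version stated in SYSTEMS AFFECTED

_VERSION_RE = re.compile(r"^\d+(?:\.\d+){3}$")


def parse_version(text):
    """Return a 4-tuple of ints for a Chrome version, or None if malformed."""
    text = text.strip()
    if not _VERSION_RE.match(text):
        return None
    return tuple(int(part) for part in text.split("."))


def is_affected(installed, fixed=FIXED_CHROME):
    """True if installed < fixed, False if not, None if it cannot be parsed."""
    parsed = parse_version(installed)
    if parsed is None:
        return None
    return parsed < parse_version(fixed)


def triage(inventory):
    """Split a {host: version} mapping into affected, patched and unknown hosts."""
    result = {"affected": [], "patched": [], "unknown": []}
    for host, version in sorted(inventory.items()):
        verdict = is_affected(version)
        key = "unknown" if verdict is None else ("affected" if verdict else "patched")
        result[key].append(host)
    return result


# Constructed inventory: hostnames and versions are sample data.
SAMPLE_INVENTORY = {
    "ws-01": "96.0.4664.93",
    "ws-02": "96.0.4664.110",
    "ws-03": "95.0.4638.69",
    "ws-04": "97.0.4692.71",
    "ws-05": "unknown",
}

if __name__ == "__main__":
    print(triage(SAMPLE_INVENTORY))
    # A string comparison treats ws-01 as patched: "9" sorts after "1".
    print("96.0.4664.93" < FIXED_CHROME)
```

Hosts that land in the "unknown" bucket should be followed up manually rather than assumed patched.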

REFERENCES:




Multiple Vulnerabilities in Google Android OS Could Allow for Remote Code Execution

MS-ISAC ADVISORY NUMBER:


2021-99

DATE(S) ISSUED:


12/11/2021

OVERVIEW:


Multiple vulnerabilities have been discovered in the Google Android operating system (OS), the most severe of which could allow for remote code execution. Android is an operating system developed by Google for mobile devices, including, but not limited to, smartphones, tablets, and watches. Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

THREAT INTELLIGENCE:



There are currently no reports of these vulnerabilities being exploited in the wild.

SYSTEMS AFFECTED:


  • Android OS builds utilizing Security Patch Levels issued prior to August 5, 2021.

RISK:



Government:


  • Large and medium government entities: HIGH

  • Small government entities: HIGH

Businesses:


  • Large and medium business entities: HIGH

  • Small business entities: HIGH

Home Users:
LOW


TECHNICAL SUMMARY:



Multiple vulnerabilities have been discovered in Google Android OS, the most severe of which could allow for remote code execution within the context of a privileged process. Details of these vulnerabilities are as follows:

  • Multiple vulnerabilities in Framework that could enable a local malicious application to bypass user interaction requirements in order to gain access to additional permissions. (CVE-2021-0640, CVE-2021-0645, CVE-2021-0646)
  • Multiple vulnerabilities in Media Framework that could enable a local malicious application to bypass operating system protections that isolate application data from other applications. (CVE-2021-0519)
  • Multiple vulnerabilities in System that could enable a local attacker using a specially crafted transmission to gain access to additional permissions. (CVE-2021-0591, CVE-2021-0593, CVE-2021-0584, CVE-2021-0641, CVE-2021-0642)
  • Multiple vulnerabilities in Kernel components could result in arbitrary kernel code execution due to a use after free. (CVE-2020-14381, CVE-2021-3347, CVE-2021-28375)
  • Multiple high severity vulnerabilities in MediaTek Components. (CVE-2021-0573, CVE-2021-0574, CVE-2021-0576, CVE-2021-0578, CVE-2021-0579, CVE-2021-0580, CVE-2021-0581, CVE-2021-0582)
  • A high severity vulnerability in Widevine DRM. (CVE-2021-0639)
  • Multiple critical severity vulnerabilities in Qualcomm components. (CVE-2021-1972, CVE-2021-1976)
  • Multiple high severity vulnerabilities in Qualcomm components. (CVE-2021-1904, CVE-2021-1939, CVE-2021-1947, CVE-2021-1978)
  • Multiple critical and high severity vulnerabilities in Qualcomm closed-source components. (CVE-2021-1916, CVE-2021-1919, CVE-2021-1920, CVE-2021-1914, CVE-2021-30260, CVE-2021-30261)

Successful exploitation of the most severe of these vulnerabilities could allow for remote code execution within the context of a privileged process. Depending on the privileges associated with this application, an attacker could then install programs; view, change, or delete data; or create new accounts with full user rights. If this application has been configured to have fewer user rights on the system, exploitation of the most severe of these vulnerabilities could have less impact than if it was configured with administrative rights.

RECOMMENDATIONS:



We recommend the following actions be taken:



  • Apply appropriate updates provided by Google Android or mobile carriers to vulnerable systems immediately after appropriate testing.

  • Remind users to only download applications from trusted vendors in the Play Store.

  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.

  • Inform and educate users regarding threats posed by hypertext links contained in emails or attachments, especially from untrusted sources.

REFERENCES:



CVE:

https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0519
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0573
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0574
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0576
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0578
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0579
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0580
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0581
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0582
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0584
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0591
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0593
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0639
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0640
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0641
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0642
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0645
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-0646
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1904
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1914
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1919
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1920
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1972
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1978
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3347
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-28375
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30260
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30261