Description Preview
Overview
The vulnerability exists in multiple Apple products including macOS, iOS, iPadOS, tvOS, watchOS, and Safari. The flaw involves insufficient validation of network ports, which could allow a malicious website to redirect traffic to restricted ports on arbitrary servers. This could potentially enable attackers to probe internal networks, access sensitive services, or conduct server-side request forgery (SSRF) attacks. The issue affects all versions of the affected products prior to the security updates released by Apple in early 2021.
Remediation
To mitigate this vulnerability, users should update to the following versions or later:
- macOS Big Sur 11.2
- Security Update 2021-001 Catalina
- Security Update 2021-001 Mojave
- tvOS 14.4
- watchOS 7.3
- iOS 14.4
- iPadOS 14.4
- Safari 14.0.3
The updates implement additional port validation to prevent malicious websites from accessing restricted ports on arbitrary servers. It is recommended to apply these updates as soon as possible to protect against potential exploitation of this vulnerability.
References
- Apple Security Advisory for macOS: https://support.apple.com/en-us/HT212146
- Apple Security Advisory for iOS/iPadOS: https://support.apple.com/en-us/HT212149
- Apple Security Advisory for tvOS: https://support.apple.com/en-us/HT212147
- Apple Security Advisory for watchOS: https://support.apple.com/en-us/HT212148
- Apple Security Advisory for Safari: https://support.apple.com/en-us/HT212152
- Fedora Security Advisory: https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
- Gentoo Linux Security Advisory: https://security.gentoo.org/glsa/202104-03
Industry ExposureMost to leastThis section illustrates the prevalence of a specific Common Vulnerabilities and Exposures (CVE) across various industries based on customer reports. The ranking displays industries from the most to least affected by this particular vulnerability, offering valuable insight into where this CVE has been most frequently observed. This information can help organizations within these sectors prioritize their security efforts, understand their relative risk exposure compared to their peers, and focus remediation strategies where they are most needed. By understanding the industry-specific impact, organizations can make more informed decisions regarding patching, resource allocation, and overall risk management related to this CVE.
- Public AdministrationPublic Administration: Medium
- ManufacturingManufacturing: Medium
- Health Care & Social AssistanceHealth Care & Social Assistance: Medium
- Educational ServicesEducational Services: Medium
- Transportation & WarehousingTransportation & Warehousing: Medium
- Finance and InsuranceFinance and Insurance: Medium
- Retail TradeRetail Trade: Medium
- UtilitiesUtilities: Medium
- Arts, Entertainment & RecreationArts, Entertainment & Recreation: Low
- Professional, Scientific, & Technical ServicesProfessional, Scientific, & Technical Services: Low
- Other Services (except Public Administration)Other Services (except Public Administration): Low
- InformationInformation: Low
- Management of Companies & EnterprisesManagement of Companies & Enterprises: Low
- Agriculture, Forestry Fishing & HuntingAgriculture, Forestry Fishing & Hunting: Low
- Real Estate Rental & LeasingReal Estate Rental & Leasing: Low
- Accommodation & Food ServicesAccommodation & Food Services: Low
- MiningMining: Low
- ConstructionConstruction: Low
- Administrative, Support, Waste Management & Remediation ServicesAdministrative, Support, Waste Management & Remediation Services: Low
- Wholesale TradeWholesale Trade: Low
