Alert - GCSA-21133 - Vulnerabilita' nei prodotti Apple

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1






******************************************************************

Alert ID: GCSA-21133
Data: 15 Dicembre 2021
Titolo: Vulnerabilita' nei prodotti Apple

******************************************************************

:: Descrizione del problema

Sono state identificate vulnerabilita' multiple nei prodotti Apple che
potrebbero essere sfruttate da attaccanti locali e remoti.

Maggiori informazioni sono disponibili nelle segnalazioni
ufficiali alla sezione "Riferimenti".


:: Software interessato

versioni precedenti a:

iOS and iPadOS 15.2
macOS Monterey 12.1
macOS Big Sur 11.6.2
macOS Catalina security update 2021-008
watchOS 8.3
tvOS 15.2


:: Impatto

Esecuzione remota di codice arbitrario
Acquisizione di privilegi piu' elevati
Elusione delle restrizioni di sicurezza
Accesso a informazioni riservate e/o sensibili
Denial of Service


:: Soluzione

Aggiornare i software alle ultime versioni

iOS and iPadOS 15.2
macOS Monterey 12.1
macOS Big Sur 11.6.2
macOS Catalina security update 2021-008
watchOS 8.3
tvOS 15.2


:: Riferimenti

Apple
https://support.apple.com/en-us/HT212981
https://support.apple.com/en-us/HT212980
https://support.apple.com/en-us/HT212979
https://support.apple.com/en-us/HT212978
https://support.apple.com/en-us/HT212976
https://support.apple.com/en-us/HT212975

CSIRT Italia
https://csirt.gov.it/contenuti/apple-corregge-vulnerabilita-sui-propri-prodotti-al02-211214-csirt-ita

US-CERT
https://www.cisa.gov/uscert/ncas/current-activity/2021/12/14/apple-releases-security-updates-multiple-products

CIS - Center of Internet Security
https://www.cisecurity.org/advisory/multiple-vulnerabilities-in-apple-products-could-allow-for-arbitrary-code-execution_2021-160/

Mitre CVE
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30996
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30995
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30993
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30992
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30991
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30990
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30988
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30987
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30986
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30985
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30984
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30983
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30982
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30981
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30980
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30979
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30977
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30976
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30975
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30973
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30971
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30970
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30969
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30968
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30967
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30966
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30965
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30964
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30963
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30961
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30960
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30959
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30958
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30957
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30955
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30954
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30953
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30952
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30951
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30950
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30949
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30948
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30947
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30946
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30945
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30941
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30940
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30939
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30938
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30937
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30936
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30935
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30934
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30932
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30931
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30929
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30927
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30926
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30916
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30767




GARR CERT Security Alert - subscribe/unsubscribe:
http://www.cert.garr.it/alert/ricevi-gli-alert-di-cert




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iEYEARECAAYFAmG5v9QACgkQwZxMk2USYELAngCdHnraxW30McvUies9m3i1EAJ/
ki0An2BRYifSyDzRdgAFg+qdG1m+19cy
=VE6v
-----END PGP SIGNATURE-----