Summary
The Government Computer Security Incident Response Team (CSIRT de Gobierno) shares information about vulnerabilities affecting several Apple products.
This report includes the mitigation measures, which consist of installing the latest update for the affected products.
Vulnerabilities
CVE-2020-27942
CVE-2020-3838
CVE-2020-7463
CVE-2020-8037
CVE-2020-8285
CVE-2020-8286
CVE-2021-1739
CVE-2021-1740
CVE-2021-1784
CVE-2021-1797
CVE-2021-1805
CVE-2021-1806
CVE-2021-1807
CVE-2021-1808
CVE-2021-1809
CVE-2021-1810
CVE-2021-1811
CVE-2021-1813
CVE-2021-1815
CVE-2021-1816
CVE-2021-1817
CVE-2021-1820
CVE-2021-1822
CVE-2021-1824
CVE-2021-1825
CVE-2021-1826
CVE-2021-1828
CVE-2021-1830
CVE-2021-1831
CVE-2021-1832
CVE-2021-1834
CVE-2021-1835
CVE-2021-1836
CVE-2021-1837
CVE-2021-1839
CVE-2021-1840
CVE-2021-1843
CVE-2021-1846
CVE-2021-1847
CVE-2021-1848
CVE-2021-1849
CVE-2021-1851
CVE-2021-1852
CVE-2021-1853
CVE-2021-1854
CVE-2021-1857
CVE-2021-1858
CVE-2021-1860
CVE-2021-1864
CVE-2021-1865
CVE-2021-1867
CVE-2021-1868
CVE-2021-1872
CVE-2021-1873
CVE-2021-1874
CVE-2021-1875
CVE-2021-1876
CVE-2021-1877
CVE-2021-1878
CVE-2021-1881
CVE-2021-1882
CVE-2021-1883
CVE-2021-1884
CVE-2021-1885
CVE-2021-21300
CVE-2021-30652
CVE-2021-30653
CVE-2021-30656
CVE-2021-30659
CVE-2021-30660
CVE-2021-30661
Impact
The main vulnerabilities considered high risk are the following:
A vulnerability with a pending CVE that affects Apple Safari is considered high risk. It allows a remote attacker to compromise a target system because of a use-after-free error in WebRTC.
CVE-2021-1876 is a vulnerability in macOS that allows a remote attacker to compromise a target system. It exists because of a use-after-free error in the NSRemoteView component.
CVE-2021-1875 is a vulnerability in macOS that allows a remote attacker to compromise a target system. It exists because of an error when processing files in the libxslt library.
CVE-2021-1843 is a vulnerability in macOS that allows a remote attacker to compromise a target system. It exists because of insufficient validation of user-supplied input in the ImageIO component.
CVE-2020-27942 and CVE-2021-1881 are vulnerabilities in macOS that allow a remote attacker to compromise a target system. They exist because of errors in the FontParser component.
CVE-2021-1847 is a vulnerability in macOS that allows a remote attacker to compromise a target system. It exists because of a memory boundary error in the CoreGraphics component.
CVE-2021-1828 is a vulnerability in macOS that allows a remote attacker to compromise a target system. It exists because of a memory boundary error in the WiFi component.
Affected Products
Apple Safari 14.0 to 14.0.3-15610.4.3.1.7.
macOS 10.14 18A391 to 11.2.3 20D91.
iOS 14.5
iPadOS 14.5
Xcode 12.5
iCloud for Windows 12.3
Mitigation
Install the corresponding updates from the vendor's website.
Links
https://support.apple.com/en-us/HT212318
https://support.apple.com/en-us/HT212326
https://support.apple.com/en-us/HT212325
https://support.apple.com/en-us/HT212327
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27942
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-3838
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-7463
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8037
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8285
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-8286
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1739
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1740
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1784
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1797
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1805
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1806
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1807
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1808
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1809
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1810
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1811
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1813
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1815
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1816
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1817
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1820
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1822
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1824
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1825
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1826
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1828
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1830
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1831
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1832
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1834
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1835
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1836
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1837
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1839
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1840
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1843
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1846
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1847
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1848
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1849
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1851
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1852
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1853
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1854
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1857
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1858
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1860
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1864
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1865
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1867
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1868
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1872
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1873
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1874
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1875
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1876
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1877
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1878
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1881
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1882
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1883
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1884
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1885
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21300
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30652
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30653
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30656
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30659
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30660
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30661
Report
The official report published by the CSIRT of the Government of Chile is available at the following link: 9VSA21-00431-01