BIOS2PSP Command TOCTOU Vulnerability

CVE-2021-46792 · MEDIUM Severity

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Time-of-check Time-of-use (TOCTOU) in the BIOS2PSP command may allow an attacker with a malicious BIOS to create a race condition causing the ASP bootloader to perform out-of-bounds SRAM reads upon an S3 resume event potentially leading to a denial of service.

Learn more about our Cis Benchmark Audit For Apple Ios.