Information Disclosure in Apple macOS Products
CVE-2021-30790

7.8HIGH

Key Information:

Vendor
Apple
Status
Security Update - Catalina
Mac OS
Vendor
CVE Published:
8 September 2021

Summary

An information disclosure vulnerability exists within Apple's macOS that may allow a maliciously crafted file to lead to unexpected application termination or arbitrary code execution. This flaw was resolved through the removal of the vulnerable code in macOS Big Sur 11.5, along with the Security Updates 2021-004 for Catalina and 2021-005 for Mojave, ensuring improved security against exploitation.

Affected Version(s)

macOS < 11.5

macOS < 2021

Security Update - Catalina < 2021

References

https://support.apple.com/en-us/HT212602
x_refsource_MISC
https://support.apple.com/en-us/HT212600
x_refsource_MISC
https://support.apple.com/en-us/HT212603
x_refsource_MISC

CVSS V3.1

Score:
7.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Local
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.