CVE-2021-30860
high-risk
Published 2021-08-24
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Apple's advisories in the references below list the affected component as CoreGraphics and credit The Citizen Lab for the report.
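The advisory's one-line root cause, "integer overflow addressed with improved input validation", describes a well-known pattern in image decoders: size arithmetic on attacker-controlled dimensions wraps to a small value, the decoder allocates that small buffer, and then writes the full (unwrapped) amount of data into it. The block below is an added illustrative example, not Apple's or CoreGraphics' code and not the actual CVE-2021-30860 bug; the header fields, the 64 MiB cap, and the function names are hypothetical. It shows the vulnerable computation next to a hardened one using checked multiplication (the GCC/Clang `__builtin_mul_overflow` builtin) and an absolute size cap.

```c
/* Added illustrative example, not Apple's code: the integer-overflow pattern
 * the advisory describes (size arithmetic on untrusted image dimensions
 * wrapping to a small value, so the decoder allocates less than it writes)
 * next to the input validation that closes it. The header layout, field
 * names and size cap are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical policy limit on a decoded image, in bytes. */
#define MAX_IMAGE_BYTES ((size_t)64 * 1024 * 1024)

/* Vulnerable: all three fields are 32-bit, so the product is computed in
 * 32-bit unsigned arithmetic and wraps modulo 2^32. A decoder that then
 * writes width*height*bpp bytes row by row overruns the buffer. */
uint32_t vuln_image_bytes(uint32_t width, uint32_t height, uint32_t bpp)
{
    return width * height * bpp;
}

/* Hardened: widen to size_t, use checked multiplication (GCC/Clang builtin),
 * reject zero dimensions and enforce an absolute cap. Returns false and
 * leaves *out untouched when the header is rejected. */
bool safe_image_bytes(uint32_t width, uint32_t height, uint32_t bpp, size_t *out)
{
    size_t n;
    if (width == 0 || height == 0 || bpp == 0)
        return false;
    if (__builtin_mul_overflow((size_t)width, (size_t)height, &n))
        return false;
    if (__builtin_mul_overflow(n, (size_t)bpp, &n))
        return false;
    if (n > MAX_IMAGE_BYTES)
        return false;
    *out = n;
    return true;
}

/* Convenience wrapper: 0 means "rejected", otherwise the validated size. */
size_t safe_image_bytes_or_zero(uint32_t width, uint32_t height, uint32_t bpp)
{
    size_t n = 0;
    return safe_image_bytes(width, height, bpp, &n) ? n : 0;
}

/* Bytes the decoder would actually write for these dimensions, computed
 * without truncation, to show the gap the vulnerable path creates. */
uint64_t true_image_bytes(uint32_t width, uint32_t height, uint32_t bpp)
{
    return (uint64_t)width * (uint64_t)height * (uint64_t)bpp;
}

int main(void)
{
    /* Constructed malicious header: 65537 x 65536 pixels, 1 byte per pixel.
     * The 32-bit product wraps to 65536 while the decoder would write ~4 GiB. */
    uint32_t w = 0x10001u, h = 0x10000u, bpp = 1u;
    printf("vulnerable size: %u bytes\n", vuln_image_bytes(w, h, bpp));
    printf("actual bytes written: %llu\n",
           (unsigned long long)true_image_bytes(w, h, bpp));
    printf("hardened: %s\n",
           safe_image_bytes_or_zero(w, h, bpp) ? "accepted" : "rejected");

    /* Constructed benign header: 640 x 480 pixels, 4 bytes per pixel. */
    printf("benign hardened size: %zu bytes\n",
           safe_image_bytes_or_zero(640u, 480u, 4u));
    return 0;
}
```

The hardened path rejects the malicious header twice over: on a 32-bit `size_t` the checked multiply reports overflow, and on a 64-bit `size_t` the product is real but exceeds the cap. Either way the decoder never reaches an allocation it cannot later bound, which is the property "improved input validation" is meant to restore.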
Do I need to act?
EPSS: 70.6% estimated chance of exploitation in the next 30 days (the tracker reports this score as higher than 29% of all CVEs).
CISA KEV: listed on the Known Exploited Vulnerabilities catalog as actively exploited in the wild; federal agencies must patch.
Patch status: the tracker shows this as unknown, but the description above and Apple's advisories in the references list fixes in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, and watchOS 7.6.2. Confirm installed versions against those advisories and apply any mitigation guidance they give.
CVSS 7.8/10 (High): attack vector Local, attack complexity Low.
Affected Products (14)
Affected Vendors
References (31)
Mailing List
http://seclists.org/fulldisclosure/2021/Sep/25
Mailing List
http://seclists.org/fulldisclosure/2021/Sep/26
Mailing List
http://seclists.org/fulldisclosure/2021/Sep/27
Mailing List
http://seclists.org/fulldisclosure/2021/Sep/28
Mailing List
http://seclists.org/fulldisclosure/2021/Sep/38
Mailing List
http://seclists.org/fulldisclosure/2021/Sep/39
Mailing List
http://seclists.org/fulldisclosure/2021/Sep/40
Mailing List
http://seclists.org/fulldisclosure/2021/Sep/50
Third Party Advisory
https://security.gentoo.org/glsa/202209-21
Vendor Advisory
https://support.apple.com/en-us/HT212804
Vendor Advisory
https://support.apple.com/en-us/HT212805
Vendor Advisory
https://support.apple.com/en-us/HT212806
Vendor Advisory
https://support.apple.com/en-us/HT212807
Vendor Advisory
https://support.apple.com/kb/HT212824
and 11 more references
Risk score: 68 / 100 (high-risk)
Severity: 24/34 · High
Exploitability: 26/34 · High
Exposure: 18/34 · Moderate