CVE-2021-30869

high-risk

Published 2021-08-24

A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.

Do I need to act?

2.3% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (20)

Ipados

Iphone Os

Mac Os X

Affected Vendors

Apple

References (9)

Vendor Advisory https://support.apple.com/en-us/HT212146

Vendor Advisory https://support.apple.com/en-us/HT212147

Vendor Advisory https://support.apple.com/en-us/HT212824

Vendor Advisory https://support.apple.com/en-us/HT212825

Vendor Advisory https://support.apple.com/en-us/HT212146

Vendor Advisory https://support.apple.com/en-us/HT212147

Vendor Advisory https://support.apple.com/en-us/HT212824

Vendor Advisory https://support.apple.com/en-us/HT212825

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-...

/ 100

high-risk

Severity 24/34 · High

Exploitability 12/34 · Low

Exposure 22/34 · High