CVE-2021-31010

high-risk

Published 2021-08-24

A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release..

Do I need to act?

0.98% chance of exploitation

EPSS score — low exploit probability

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.5/10 High

NETWORK / LOW complexity

Affected Products (20)

Ipados

Iphone Os

Mac Os X

Macos

Affected Vendors

Apple

References (11)

Vendor Advisory https://support.apple.com/en-us/HT212804

Vendor Advisory https://support.apple.com/en-us/HT212805

Vendor Advisory https://support.apple.com/en-us/HT212806

Vendor Advisory https://support.apple.com/en-us/HT212807

Vendor Advisory https://support.apple.com/en-us/HT212824

Vendor Advisory https://support.apple.com/en-us/HT212804

Vendor Advisory https://support.apple.com/en-us/HT212805

Vendor Advisory https://support.apple.com/en-us/HT212806

Vendor Advisory https://support.apple.com/en-us/HT212807

Vendor Advisory https://support.apple.com/en-us/HT212824

US Government Resource https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-...

/ 100

high-risk

Severity 26/34 · High

Exploitability 10/34 · Low

Exposure 20/34 · Moderate