CVE-2021-1786
Description
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A local user may be able to create or modify system files.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
A logic issue in Apple macOS, iOS, iPadOS, tvOS, and watchOS allows a local user to create or modify system files.
Vulnerability
CVE-2021-1786 is a logic issue in the affected operating system kernels, addressed with improved state management. The vulnerability affects macOS Big Sur 11.0.1, macOS Catalina 10.15.7, macOS Mojave 10.14.6, iOS 14.4 and iPadOS 14.4 (iPhone 6s and later, iPad Pro all models, iPad Air 2 and later, iPad 5th gen and later, iPad mini 4 and later, iPod touch 7th gen), watchOS 7.3 (Apple Watch Series 3 and later), and tvOS 14.4 (Apple TV 4K and Apple TV HD) [1][2][3][4]. A local user may be able to exploit this flaw to create or modify system files.
Exploitation
A local user with some level of access to the device can exploit the logic issue. No additional authentication is required beyond local access. The exact exploitation steps are not publicly disclosed by Apple [1][2][3][4]. The condition is triggered through improper state management, allowing a local user to bypass system file protections.
Impact
Successful exploitation allows a local user to create or modify system files. This could lead to privilege escalation, persistent compromise, or system instability, depending on the files modified. The impact is limited to local access, not remote exploitation [1][2][3][4].
Mitigation
The vulnerability is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4, watchOS 7.3, and tvOS 14.4, all released in January 2021 [1][2][3][4]. Users should update their devices to the latest available version. No workaround is provided. The CVE is not listed on the CISA Known Exploited Vulnerabilities (KEV) catalog as of the publication date.
- About the security content of iOS 14.4 and iPadOS 14.4 - Apple Support
- About the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave - Apple Support
- About the security content of tvOS 14.4 - Apple Support
- About the security content of watchOS 7.3 - Apple Support
AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: < 11.2
- Range: < 14.4
- Range: unspecified
- Range: unspecified
References
- support.apple.com/en-us/HT212146 (mitre, x_refsource_MISC)
- support.apple.com/en-us/HT212147 (mitre, x_refsource_MISC)
- support.apple.com/en-us/HT212148 (mitre, x_refsource_MISC)
- support.apple.com/en-us/HT212149 (mitre, x_refsource_MISC)