VYPR
Unrated severity · NVD Advisory · Published Sep 8, 2021 · Updated Aug 3, 2024

CVE-2021-30765

Description

An out-of-bounds write was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. An application may be able to execute arbitrary code with kernel privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An out-of-bounds write in the macOS kernel (AMD driver) allows a local application to execute arbitrary code with kernel privileges; it was patched in the July 2021 updates.

Vulnerability

An out-of-bounds write vulnerability exists in the AMD kernel component of macOS. The issue is a memory corruption bug that was addressed with improved input validation. Affected versions include macOS Big Sur before 11.5, macOS Catalina before Security Update 2021-004, and macOS Mojave before Security Update 2021-005. The bug is reachable by a local application that can trigger the vulnerable code path through a crafted request to the AMD kernel driver [1][2][3].

Exploitation

An attacker needs local access to the system and the ability to execute a malicious application. No additional privileges are required initially; the application interacts with the kernel-level AMD driver to trigger the out-of-bounds write. The specific exploit sequence involves sending malformed input to the driver that bypasses insufficient validation, causing a write past the allocated buffer boundary [1].

Impact

Successful exploitation allows the attacker to execute arbitrary code with kernel privileges. This gives full control over the operating system, enabling the attacker to bypass security mechanisms, access sensitive data, install persistent malware, or perform any action the kernel can execute [1][2][3].

Mitigation

Apple released fixed versions on July 21, 2021: macOS Big Sur 11.5, Security Update 2021-004 for Catalina, and Security Update 2021-005 for Mojave. Users should apply these updates via Software Update. No workaround exists, and the vulnerability is not listed in CISA's Known Exploited Vulnerabilities (KEV) catalog as of this writing [1][2][3].

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

3

References

3