Unrated severityNVD Advisory· Published Sep 8, 2021· Updated Aug 3, 2024

CVE-2021-30777

Description

An injection issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A malicious application may be able to gain root privileges.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

An injection vulnerability in macOS allows a malicious application to gain root privileges; fixed in macOS Big Sur 11.5 and security updates.

Vulnerability

An injection issue exists in macOS that allows a malicious application to escalate privileges to root. The vulnerability is present in macOS Big Sur before version 11.5, macOS Catalina before Security Update 2021-004, and macOS Mojave before Security Update 2021-005 [1][2][3]. The exact component and injection vector are not publicly detailed by Apple.

Exploitation

An attacker must have the ability to run a malicious application on the target system. No additional authentication or network access is required beyond the initial execution of the application. The injection flaw is triggered when the application processes crafted input, leading to privilege escalation.

Impact

Successful exploitation allows the malicious application to gain root privileges, giving the attacker full control over the affected system. This includes the ability to install software, modify system files, and access sensitive data.

Mitigation

Apple released fixes on July 21, 2021, in macOS Big Sur 11.5, Security Update 2021-004 for Catalina, and Security Update 2021-005 for Mojave [1][2][3]. Users should update to these versions or later. No workarounds are available.

References

AI Insight generated on May 27, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Apple Inc./macOSllm-fuzzy2 versions
= 11.5 (Big Sur) fixed; prior versions affected+ 1 more
- (no CPE)range: = 11.5 (Big Sur) fixed; prior versions affected
- (no CPE)range: unspecified
Apple Inc./Security Update 2021-008 Catalinacpe-rescue
Range: unspecified

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

support.apple.com/en-us/HT212600mitrex_refsource_MISC
support.apple.com/en-us/HT212602mitrex_refsource_MISC
support.apple.com/en-us/HT212603mitrex_refsource_MISC

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000