CVE-2021-30790

Vulnerability

CVE-2021-30790 is an information disclosure issue in macOS that was addressed by removing the vulnerable code. The official description indicates that opening a maliciously crafted file could lead to unexpected application termination or arbitrary code execution. Apple's security advisories [1][2][3] describe the root cause as a memory corruption issue addressed with improved input validation, affecting macOS Big Sur prior to 11.5, macOS Catalina prior to Security Update 2021-004, and macOS Mojave prior to Security Update 2021-005.

Exploitation

To exploit this vulnerability, an attacker must convince a user to open a specially crafted file, likely in an affected macOS version. No additional privileges beyond user interaction are required. The exact sequence of steps is not publicly disclosed, but the official description confirms that a malicious file can trigger the memory corruption, leading to application termination or arbitrary code execution.

Impact

Successful exploitation could allow an attacker to execute arbitrary code with kernel privileges [1][2][3], potentially leading to full system compromise. The vulnerability also poses a risk of unexpected application termination, causing denial of service. The impact is thus high, covering confidentiality, integrity, and availability, as the attacker gains privileged access.

Mitigation

Apple released fixes on July 21, 2021, for all affected versions: macOS Big Sur 11.5 [1], Security Update 2021-004 for Catalina [2], and Security Update 2021-005 for Mojave [3]. Users should update to these patched versions. No workarounds are documented; installing the updates is the only mitigation.