CVE-2021-30937

Vulnerability

A memory corruption vulnerability exists in the XNU kernel of Apple operating systems. The flaw was addressed with improved locking mechanisms. Affected versions include macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, and watchOS 8.3 [1][2][3][4].

Exploitation

An attacker would need to have the ability to run a malicious application on the target device. No additional privileges or user interaction beyond launching the app are required. The exploitation involves triggering a race condition or improper locking that leads to memory corruption.

Impact

Successful exploitation allows the malicious application to execute arbitrary code with kernel privileges, resulting in full compromise of the operating system's security. This could lead to unauthorized data access, modification, or persistent control over the device [1].

Mitigation

Apple released fixes in iOS 15.2, iPadOS 15.2, macOS Monterey 12.1, macOS Big Sur 11.6.2, Security Update 2021-008 Catalina, tvOS 15.2, and watchOS 8.3 on December 13, 2021. Users should update to these versions or later. No workarounds are available beyond applying the security update [1][2][3][4].