Cyber Resilience

CVE-2021-1782

HighCISA KEVActive ExploitationEUVD Exploited

Published: 02 April 2021

Published
02 April 2021
Modified
23 October 2025
KEV Added
03 November 2021
Patch
CVSS Score v3.1 7.0 CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0588 90.8th percentile
Risk Priority 38 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-1782 is a high-severity Improper Locking (CWE-667) vulnerability in Apple Mac Os X. Its CVSS base score is 7.0 (High).

Operationally, ranked in the top 9.2% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-2 (Flaw Remediation).

Deeper analysis

A race condition vulnerability stemming from improper locking, tracked as CVE-2021-1782 and assigned CWE-667, affects multiple Apple operating systems including macOS Big Sur, Catalina, and Mojave along with iOS 14, iPadOS 14, tvOS 14, and watchOS 7. The flaw permits a malicious application to elevate privileges on the affected platform, as confirmed by its CVSS 3.1 vector indicating local attack with high complexity but full impact on confidentiality, integrity, and availability.

An attacker with the ability to run code as a low-privileged local user can exploit the race condition to gain elevated rights. Because the issue requires only local access and no user interaction, it can be triggered from within a sandboxed or third-party application that an end user has already installed.

Apple has released fixes in macOS Big Sur 11.2, Security Update 2021-001 for Catalina and Mojave, iOS 14.4 and iPadOS 14.4, tvOS 14.4, and watchOS 7.3; the corresponding security advisories direct administrators to apply these updates to address the locking deficiency.

Apple has stated that it is aware of reports indicating the vulnerability may have been actively exploited in the wild prior to patching.

EU & UK References

Vulnerability details

A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able…

more

to elevate privileges. Apple is aware of a report that this issue may have been actively exploited..

CWE(s)
KEV Date Added
03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

apple
ipados
≤ 14.4
apple
iphone os
≤ 14.4
apple
mac os x
10.14.6, 10.15.7 · 10.14 — 10.14.6 · 10.15 — 10.15.7
apple
macos
11.0 — 11.2
apple
tvos
≤ 14.4
apple
watchos
≤ 7.3

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces access rights so that the race condition in locking cannot be exploited to obtain unauthorized elevation.

prevent

Requires prompt application of the vendor patches that correct the improper locking and eliminate the exploitable race.

prevent

Process isolation limits the ability of a malicious application to influence kernel or other-process locking primitives used in the race.

References