CVE-2021-1870
Published: 02 April 2021
Summary
CVE-2021-1870 is a critical-severity an unspecified weakness vulnerability in Apple Mac Os X. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 21.1% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SI-4 (System Monitoring).
Deeper analysis
A logic issue addressed with improved restrictions affects multiple Apple operating systems including macOS Big Sur prior to 11.2, macOS Catalina prior to Security Update 2021-001, macOS Mojave prior to Security Update 2021-001, and iOS/iPadOS prior to 14.4. The flaw carries a CVSS score of 9.8 and permits remote code execution without requiring authentication or user interaction.
A remote attacker can exploit the vulnerability over the network to achieve arbitrary code execution with full confidentiality, integrity, and availability impact on the target device. The attack vector requires no privileges or user interface interaction, making it suitable for unauthenticated remote exploitation.
Apple security updates for the listed macOS, iOS, and iPadOS versions resolve the issue. The vendor notes awareness of reports indicating the vulnerability may have been actively exploited in the wild.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-7334
Vulnerability details
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code…
more
execution. Apple is aware of a report that this issue may have been actively exploited..
- CWE(s)
- KEV Date Added
- 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely installation of vendor security updates that remediate the logic flaw enabling unauthenticated remote code execution.
Requires integrity verification of system software/firmware to ensure the vulnerable code paths have been replaced by the patched versions.
Enables continuous monitoring of network and system behavior to identify exploitation attempts against the unpatched logic flaw.