CVE-2021-1871
Published: 02 April 2021
Summary
CVE-2021-1871 is a critical-severity an unspecified weakness vulnerability in Apple Mac Os X. Its CVSS base score is 9.8 (Critical).
Operationally, ranked in the top 34.3% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-2 (Flaw Remediation) and SC-7 (Boundary Protection).
Deeper analysis
A logic issue addressed with improved restrictions affects multiple Apple operating systems, including versions of macOS prior to Big Sur 11.2, Catalina and Mojave prior to Security Update 2021-001, and iOS and iPadOS prior to 14.4. The flaw received a CVSS score of 9.8, reflecting network-accessible attack conditions with no required authentication or user interaction.
A remote attacker can exploit the vulnerability to achieve arbitrary code execution on an affected device. The attack requires only network connectivity and can fully compromise confidentiality, integrity, and availability of the target system.
Apple security updates for the listed platforms remediate the issue, and the vendor has stated awareness of reports indicating active exploitation in the wild. Additional distribution-specific advisories reference the same underlying component updates.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-7335
Vulnerability details
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code…
more
execution. Apple is aware of a report that this issue may have been actively exploited..
- CWE(s)
- KEV Date Added
- 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly requires timely installation of vendor security updates that remediate the logic flaw enabling remote code execution.
Boundary-protection mechanisms can restrict the network-accessible attack vector used to reach the vulnerable component without authentication.
Continuous system monitoring can identify anomalous behavior or indicators associated with active exploitation of the RCE flaw.