Cyber Resilience

CVE-2021-30657

Medium · CISA KEV · Active Exploitation · EUVD Exploited

Published: 08 September 2021

Modified: 23 October 2025
KEV Added: 03 November 2021
CVSS Score v3.1: 5.5 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N)
EPSS Score: 0.8308 (99.3rd percentile)
Risk Priority: 81 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-30657 is a medium-severity Missing Authorization (CWE-862) vulnerability in Apple Mac OS X. Its CVSS base score is 5.5 (Medium).

Operationally, it ranks in the top 0.7% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-14 (Signed Components).

Deeper analysis

A logic issue addressed through improved state management affects Gatekeeper on macOS, allowing improper validation of application signatures. The vulnerability impacts macOS Big Sur prior to version 11.3 and macOS Catalina prior to Security Update 2021-002, as documented in the associated Apple security advisories. It is classified under CWE-862 with a CVSS score of 5.5 reflecting local access requirements and integrity impact without confidentiality or availability effects.

An attacker can deliver a malicious application that bypasses Gatekeeper checks when a user attempts to open it, enabling execution of unsigned or improperly signed code. The attack requires user interaction but no elevated privileges, permitting the application to run despite macOS security controls intended to block such software.

Apple has released fixes in macOS Big Sur 11.3 and Security Update 2021-002 Catalina to resolve the issue. The vendor notes awareness of active exploitation in the wild, and the vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog, confirming reported real-world use.

Vulnerability details

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited.

CWE(s)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

apple / mac os x: 10.15.6, 10.15.7 · 10.15 — 10.15.5
apple / macos: 11.0 — 11.3

Mitigating Controls (NIST 800-53 r5)

prevent

Directly enforces the Gatekeeper policy that only properly signed applications may execute, blocking the exact signature-validation bypass described in the CVE.

prevent

Mandates that software components be digitally signed and verified prior to execution, directly mitigating the flawed state-management logic that allowed unsigned code to run.

prevent · detect

Requires integrity verification (including signature checks) of software before and during execution, addressing the improper validation that permitted malicious applications to bypass Gatekeeper.
