CVE-2021-30657
Published: 08 September 2021
Summary
CVE-2021-30657 is a medium-severity Missing Authorization (CWE-862) vulnerability in Apple Mac OS X (macOS). Its CVSS base score is 5.5 (Medium).
Operationally, it ranks in the top 0.7% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and CM-14 (Signed Components).
Deeper analysis
A logic issue addressed through improved state management affects Gatekeeper on macOS, allowing improper validation of application signatures. The vulnerability impacts macOS Big Sur prior to version 11.3 and macOS Catalina prior to Security Update 2021-002, as documented in the associated Apple security advisories. It is classified under CWE-862 with a CVSS score of 5.5 reflecting local access requirements and integrity impact without confidentiality or availability effects.
An attacker can deliver a malicious application that bypasses Gatekeeper checks when a user attempts to open it, enabling execution of unsigned or improperly signed code. The attack requires user interaction but no elevated privileges, permitting the application to run despite macOS security controls intended to block such software.
Apple has released fixes in macOS Big Sur 11.3 and Security Update 2021-002 Catalina to resolve the issue. The vendor notes awareness of active exploitation in the wild, and the vulnerability is listed in the CISA Known Exploited Vulnerabilities catalog, confirming reported real-world use.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-17574
Vulnerability details
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited.
- CWE(s): CWE-862 (Missing Authorization)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls (NIST 800-53 r5)
- AC-3 (Access Enforcement): Directly enforces the Gatekeeper policy that only properly signed applications may execute, blocking the exact signature-validation bypass described in the CVE.
- CM-14 (Signed Components): Mandates that software components be digitally signed and verified prior to execution, directly mitigating the flawed state-management logic that allowed unsigned code to run.
- Software integrity verification: Requires integrity verification (including signature checks) of software before and during execution, addressing the improper validation that permitted malicious applications to bypass Gatekeeper.