Cyber Resilience

CVE-2021-30860

Severity: High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 24 August 2021
Modified: 27 October 2025
KEV Added: 03 November 2021
CVSS Score (v3.1): 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.7197 (98.8th percentile)
Risk Priority: 79 (weighted 60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-30860 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Apple Mac OS X. Its CVSS v3.1 base score is 7.8 (High).

Operationally, it ranks in the top 1.2% of CVEs by exploit likelihood (EPSS), and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).

Deeper analysis

CVE-2021-30860 is an integer overflow vulnerability, tracked under CWE-190, that was addressed with improved input validation during PDF processing. The flaw impacts multiple Apple platforms, including iOS prior to 14.8, iPadOS prior to 14.8, macOS Catalina prior to Security Update 2021-005, macOS Big Sur prior to 11.6, and watchOS prior to 7.6.2.

An unauthenticated local attacker can exploit the issue by supplying a maliciously crafted PDF that triggers the overflow when opened or rendered, resulting in arbitrary code execution. The CVSS 7.8 vector (AV:L/AC:L/PR:N/UI:R) indicates that user interaction is required but no privileges are needed on the target system, with full impact to confidentiality, integrity, and availability.

Apple states that the vulnerability has been mitigated in the listed security updates for each affected platform. The vendor is also aware of reports indicating that the issue may have been actively exploited in the wild.

Vulnerability details

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

CWE(s): CWE-190 (Integer Overflow or Wraparound)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor        Product      Affected versions
apple         ipados       ≤ 14.8
apple         iphone os    ≤ 12.5.5 · 13.0 — 14.8
apple         mac os x     10.15.7 · 10.15 — 10.15.7
apple         macos        ≤ 11.6
apple         watchos      ≤ 7.6.2
xpdfreader    xpdf         ≤ 4.04
freedesktop   poppler      ≤ 22.09.0

Mitigating Controls (NIST 800-53 r5)

SI-10 Information Input Validation (prevent): Directly implements the improved input validation that Apple used to block the integer overflow when processing a crafted PDF.

SI-16 Memory Protection (prevent): Memory-protection mechanisms can block the arbitrary code execution that results once the integer overflow corrupts PDF-rendering memory.

Malicious-code detection (prevent, detect): Malicious-code detection can identify and block the specially crafted PDF before it reaches the vulnerable parser.
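The following C program is an added illustration of the CWE-190 pattern described in the deeper analysis and of the SI-10 style input validation listed as the primary mitigating control. It is not Apple's code and does not reproduce the real PDF parser flaw: the 12-byte image header format, the 16-bytes-per-pixel limit, the 256 MiB buffer cap and the two sample headers are all constructed for this example. It shows the unchecked size computation (which wraps to zero for a crafted header) beside the validated form that rejects the same header before any allocation.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for an image header inside a PDF stream:
 * three big-endian 32-bit fields (width, height, bytes per pixel).
 * Illustrative format only, not Apple's or any real PDF structure. */
typedef struct {
    uint32_t width;
    uint32_t height;
    uint32_t bytes_per_pixel;
} img_hdr;

#define HDR_LEN 12u
/* Policy cap on a single decoded image buffer (assumed value). */
#define MAX_IMAGE_BYTES (256u * 1024u * 1024u)

static uint32_t be32(const uint8_t *p) {
    return ((uint32_t)p[0] << 24) | ((uint32_t)p[1] << 16) |
           ((uint32_t)p[2] << 8) | (uint32_t)p[3];
}

static bool parse_hdr(const uint8_t *buf, size_t len, img_hdr *h) {
    if (buf == NULL || h == NULL || len < HDR_LEN) return false;
    h->width = be32(buf);
    h->height = be32(buf + 4);
    h->bytes_per_pixel = be32(buf + 8);
    return true;
}

/* CWE-190 pattern: the product is computed in 32-bit arithmetic and wraps
 * silently, so a huge image can yield a tiny (even zero) allocation size. */
uint32_t size_unchecked_from(const uint8_t *buf, size_t len) {
    img_hdr h;
    if (!parse_hdr(buf, len, &h)) return 0;
    return h.width * h.height * h.bytes_per_pixel;
}

/* Hardened form (SI-10 style input validation): every field is range-checked
 * and the product is accumulated in 64 bits against an explicit cap before
 * any allocation would happen. Returns 0 when the header is rejected. */
size_t checked_size_or_zero(const uint8_t *buf, size_t len) {
    img_hdr h;
    if (!parse_hdr(buf, len, &h)) return 0;
    if (h.width == 0 || h.height == 0) return 0;
    if (h.bytes_per_pixel == 0 || h.bytes_per_pixel > 16) return 0;
    /* Both factors are < 2^32, so their product fits in uint64_t. */
    uint64_t pixels = (uint64_t)h.width * (uint64_t)h.height;
    if (pixels > MAX_IMAGE_BYTES) return 0;      /* reject before multiplying again */
    uint64_t bytes = pixels * h.bytes_per_pixel;  /* <= 2^28 * 16, cannot overflow */
    if (bytes > MAX_IMAGE_BYTES) return 0;
    return (size_t)bytes;
}

/* Constructed sample headers. */
static const uint8_t CRAFTED_HDR[HDR_LEN] = {
    0x00, 0x01, 0x00, 0x00,   /* width  = 65536 */
    0x00, 0x01, 0x00, 0x00,   /* height = 65536 */
    0x00, 0x00, 0x00, 0x01    /* 1 byte/pixel: 65536*65536*1 = 2^32 wraps to 0 */
};
static const uint8_t BENIGN_HDR[HDR_LEN] = {
    0x00, 0x00, 0x02, 0x80,   /* width  = 640 */
    0x00, 0x00, 0x01, 0xE0,   /* height = 480 */
    0x00, 0x00, 0x00, 0x04    /* 4 bytes/pixel: 1228800 bytes */
};

int main(void) {
    printf("crafted: unchecked=%u checked=%zu\n",
           size_unchecked_from(CRAFTED_HDR, HDR_LEN),
           checked_size_or_zero(CRAFTED_HDR, HDR_LEN));
    printf("benign:  unchecked=%u checked=%zu\n",
           size_unchecked_from(BENIGN_HDR, HDR_LEN),
           checked_size_or_zero(BENIGN_HDR, HDR_LEN));
    return 0;
}
```

The crafted header makes the unchecked computation return 0, which is the condition that lets a later copy of the real pixel data run past a far-too-small buffer; the checked version rejects the same header on the pixel-count cap, and the benign 640x480 header passes both paths with the same 1228800-byte result. The staged comparison (cap the pixel count before multiplying by bytes per pixel) is what keeps the 64-bit intermediate from overflowing as well.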
