CVE-2021-30860
Published: 24 August 2021
Summary
CVE-2021-30860 is a high-severity Integer Overflow or Wraparound (CWE-190) vulnerability in Apple Mac OS X. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 1.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-16 (Memory Protection).
Deeper analysis
CVE-2021-30860 is an integer overflow vulnerability, tracked under CWE-190, that was addressed with improved input validation during PDF processing. The flaw impacts multiple Apple platforms, including iOS prior to 14.8, iPadOS prior to 14.8, macOS Catalina prior to Security Update 2021-005, macOS Big Sur prior to 11.6, and watchOS prior to 7.6.2.
An unauthenticated local attacker can exploit the issue by supplying a maliciously crafted PDF that triggers the overflow when opened or rendered, resulting in arbitrary code execution. The CVSS 7.8 vector (AV:L/AC:L/PR:N/UI:R) indicates that user interaction is required but no privileges are needed on the target system, with full impact to confidentiality, integrity, and availability.
Apple states that the vulnerability has been mitigated in the listed security updates for each affected platform. The vendor is also aware of reports indicating that the issue may have been actively exploited in the wild.
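To illustrate the CWE-190 pattern described above and the kind of input validation that addresses it, here is an added C example; it is not Apple's code, and the PDF-like image header fields (width, height, bits per component, components per pixel) and the 256 MiB size limit are assumptions for the illustration.

```c
#include <stdint.h>
#include <stdlib.h>

/* Policy limit on a decoded image buffer (assumed value for this example). */
#define MAX_IMAGE_BYTES (256ull * 1024ull * 1024ull)

/* Unchecked computation, the CWE-190 pattern: all arithmetic is done in
 * 32 bits and silently wraps, so attacker-controlled dimensions can yield
 * a tiny buffer size while the decoder later writes the full image into it. */
uint32_t image_bytes_unchecked(uint32_t width, uint32_t height,
                               uint32_t bpc, uint32_t ncomp) {
    uint32_t row_bits  = width * bpc * ncomp;
    uint32_t row_bytes = (row_bits + 7) / 8;
    return row_bytes * height;            /* wraps for large inputs */
}

/* Checked computation, the "improved input validation" fix: range-check
 * the small fields, test every multiplication for overflow, and bound the
 * result by policy. Returns the byte count, or -1 if the header is rejected. */
int64_t image_bytes_checked(uint32_t width, uint32_t height,
                            uint32_t bpc, uint32_t ncomp) {
    uint64_t row_bits, row_bytes, total;
    if (bpc == 0 || bpc > 16 || ncomp == 0 || ncomp > 4)
        return -1;                        /* implausible component layout */
    if (__builtin_mul_overflow((uint64_t)width, (uint64_t)bpc, &row_bits) ||
        __builtin_mul_overflow(row_bits, (uint64_t)ncomp, &row_bits))
        return -1;
    row_bytes = (row_bits + 7) / 8;       /* row_bits <= 2^38, cannot overflow */
    if (__builtin_mul_overflow(row_bytes, (uint64_t)height, &total))
        return -1;
    if (total > MAX_IMAGE_BYTES)
        return -1;                        /* well-formed but over policy */
    return (int64_t)total;
}

/* Allocate only after the size has been validated; NULL means "reject". */
unsigned char *alloc_image_buffer(uint32_t width, uint32_t height,
                                  uint32_t bpc, uint32_t ncomp) {
    int64_t n = image_bytes_checked(width, height, bpc, ncomp);
    if (n < 0)
        return NULL;
    return calloc((size_t)n, 1);
}
```

With a 65536 x 65536 8-bit single-component header, the unchecked size wraps to 0 bytes while the checked version rejects the header outright.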
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-17777
Vulnerability details
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution.
Apple is aware of a report that this issue may have been actively exploited.
- CWE(s): CWE-190
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Mitigating Controls (NIST 800-53 r5)
- SI-10 (Information Input Validation): directly implements the improved input validation that Apple used to block the integer overflow when processing a crafted PDF.
- SI-16 (Memory Protection): memory-protection mechanisms can block the arbitrary code execution that results once the integer overflow corrupts PDF-rendering memory.
- Malicious-code detection can identify and block the specially crafted PDF before it reaches the vulnerable parser.