CVE-2021-30657 vulnerability in Apple Products
Published on September 8, 2021
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited..
Known Exploited Vulnerability
This Apple macOS Policy Subsystem Gatekeeper Bypass vulnerability is part of CISA's list of Known Exploited Vulnerabilities. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited.
The following remediation steps are recommended / required by November 17, 2021: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2021-30657 can be exploited with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality, a high impact on integrity, and no impact on availability.
Products Associated with CVE-2021-30657
You can be notified by stack.watch whenever vulnerabilities like CVE-2021-30657 are published in these products:
What versions are vulnerable to CVE-2021-30657?
-
Apple Mac OSX
Version 10.15.7
supplemental_update
-
Apple Mac OSX
Version 10.15.7
security_update_2020-005
-
Apple Mac OSX
Version 10.15.7
security_update_2020-007
-
Apple Mac OSX
Version 10.15.7
-
-
Apple Mac OSX
Version 10.15.7
security_update_2020-001
-
Apple Mac OSX
Version 10.15.6
supplemental_update
-
Apple Mac OSX
Version 10.15.6
-
-
Apple Mac OSX
Version 10.15.7
security_update_2020
-
Apple Macos
Version 11.0
Fixed in Version 11.3
-
Apple Mac OSX
Version 10.15
through 10.15.5