CVE-2021-30713

Warning

EPSS 0.14%
Published 08.09.2021 15:15:15
Last modified 28.02.2025 14:44:48
Source product-security@apple.com
Teams watchlist Login
Open Login

A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited..

Affected products Warnungen 1 Metrics 4 CWE 2 References 6

Data is provided by the National Vulnerability Database (NVD)

Apple ≫ macOS X Version >= 10.15 <= 10.15.7

Apple ≫ macOS X Version10.15.7 Update-

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-005

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2020-007

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-001

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-002

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-003

Apple ≫ macOS X Version10.15.7 Updatesecurity_update_2021-004

Apple ≫ macOS Version < 11.4

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple macOS Unspecified Vulnerability

Vulnerability

Apple macOS Transparency, Consent, and Control (TCC) contains an unspecified permissions issue which may allow a malicious application to bypass privacy preferences.

Description

Apply updates per vendor instructions.

Required actions

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	0.14%	0.351

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov	4.6	3.9	6.4	AV:L/AC:L/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	7.8	1.8	5.9	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

CWE-862 Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

http://seclists.org/fulldisclosure/2021/Sep/40

Third Party Advisory

Mailing List

https://support.apple.com/kb/HT212805

Vendor Advisory

Release Notes

https://support.apple.com/en-us/HT212529

Vendor Advisory

Release Notes

https://nvd.nist.gov/vuln/detail/CVE-2021-30713

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-30713

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-30713

EUVD