CVE-2021-1782
CVE-2021-1782
Vexday Risk Score
71High priority
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 7EPSS 2.2%KEV simPoC públicaNuclei —Metasploit —Patch —
Lifecycle
04 Feb 2021Public PoC
02 Apr 2021Published on NVD
03 Nov 2021Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A timing flaw in macOS and iOS allows a malicious app to gain elevated privileges by exploiting a race condition in the system's locking mechanism. This is dangerous because the app could bypass security restrictions and access sensitive system functions.
Technical detail
A race condition in a kernel or system service's locking implementation allows a local attacker to execute privileged operations out of intended order. The vulnerability requires running a malicious application on the target device; exploitation leads to privilege escalation and potential system compromise. Apple reported active exploitation in the wild.
Summary generated and translated by AI from the official description.
A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited..
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
public PoCs found — 2
githubgithub.com/synacktiv/CVE-2021-1782★ 40githubgithub.com/raymontag/cve-2021-1782★ 0⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →