CVE-2021-30713

CVSS 7.8 HIGH · EPSS 6.6% · KEV · CWE-862
In short

A malicious app could bypass your Mac's privacy settings to access protected information without permission. This flaw allowed apps to circumvent the security controls that normally ask for your consent.

Technical detail

CWE-862 authorization bypass in macOS Big Sur prior to 11.4 allowed a local attacker with application execution capability to circumvent privacy preference validation. The vulnerability enabled unauthorized access to protected user data by bypassing entitlement checks, with evidence of active exploitation in the wild.

Summary generated and translated by AI from the official description.
A permissions issue was addressed with improved validation. This issue is fixed in macOS Big Sur 11.4. A malicious application may be able to bypass Privacy preferences. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Affected products
Apple · macOS
