CVE-2021-30833
In short
A malicious archive file can trick macOS into writing files anywhere on your system. This is dangerous because an attacker could overwrite important system files or install malware.
Technical detail
The vulnerability exists in archive extraction logic where insufficient path validation allows directory traversal attacks. An attacker can craft a malicious archive with specially crafted file paths to write arbitrary files outside the intended extraction directory, potentially compromising system integrity.
Summary generated and translated by AI from the official description.
This issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.0.1. Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files.
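The directory traversal described under Technical detail can be caught by resolving every entry path before anything is written. The following is an added illustration, not code from the advisory and not Apple's fix: the advisory does not name the affected component or archive format, so it assumes a tar archive read with Python's `tarfile`, and the function names, sample entries and destination path are constructed for the example.

```python
import io
import os
import tarfile

def escapes(dest, name):
    """True if joining archive entry `name` onto `dest` lands outside `dest`."""
    root = os.path.realpath(dest)
    # realpath collapses ".." and follows symlinks that already exist on disk;
    # an absolute `name` replaces `root` entirely in os.path.join.
    target = os.path.realpath(os.path.join(root, name))
    return os.path.commonpath([root, target]) != root

def audit_archive(tar_bytes, dest):
    """Return (safe, rejected) entry names without writing anything to disk."""
    safe, rejected = [], []
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        for m in tar.getmembers():
            bad = escapes(dest, m.name)
            # A link entry redirects later writes, so check where it points.
            if m.issym():  # symlink target is relative to the link's directory
                link_target = os.path.join(os.path.dirname(m.name), m.linkname)
                bad = bad or escapes(dest, link_target)
            elif m.islnk():  # hard link target is relative to the archive root
                bad = bad or escapes(dest, m.linkname)
            (rejected if bad else safe).append(m.name)
    return safe, rejected

def build_sample():
    """Constructed sample archive: one benign entry and three hostile ones."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for name in ("docs/readme.txt", "../../outside.txt", "/tmp/absolute.txt"):
            info = tarfile.TarInfo(name)
            info.size = 1
            tar.addfile(info, io.BytesIO(b"x"))
        link = tarfile.TarInfo("docs/escape")
        link.type = tarfile.SYMTYPE
        link.linkname = "../../elsewhere"
        tar.addfile(link)
    return buf.getvalue()

if __name__ == "__main__":
    # "/srv/unpack-demo" is a constructed destination; it need not exist.
    print(audit_archive(build_sample(), "/srv/unpack-demo"))
```

An extractor built on this check would skip or abort on every rejected entry rather than sanitising the name and continuing.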
Affected products
Apple · macOS