CVE-2021-30677
Last modified
CVE-2021-30677 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. EPSS estimates a 0.34% chance of exploitation in the next 30 days.
Description
This issue was addressed with improved environment sanitization. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to break out of its sandbox.
Metrics
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Apple | Ipados | < 14.6 |
| Apple | Iphone Os | < 14.6 |
| Apple | Mac Os X | >= 10.14, <= 10.14.5 |
| Apple | Mac Os X | >= 10.15, <= 10.15.6 |
| Apple | Mac Os X | 10.14.6 |
| Apple | Mac Os X | 10.15.7 |
| Apple | Macos | >= 11.0, < 11.4 |
| Apple | Tvos | < 14.6 |
| Apple | Watchos | < 7.5 |
References
- https://support.apple.com/en-us/HT212528Release Notes, Vendor Advisory
- https://support.apple.com/en-us/HT212529Release Notes, Vendor Advisory
- https://support.apple.com/en-us/HT212532Release Notes, Vendor Advisory
- https://support.apple.com/en-us/HT212533Release Notes, Vendor Advisory
- https://support.apple.com/en-us/HT212600Release Notes, Vendor Advisory
- https://support.apple.com/en-us/HT212603Release Notes, Vendor Advisory
- https://support.apple.com/kb/HT212602Release Notes, Vendor Advisory
- https://support.apple.com/en-us/HT212528Release Notes, Vendor Advisory
- https://support.apple.com/en-us/HT212529Release Notes, Vendor Advisory
- https://support.apple.com/en-us/HT212532Release Notes, Vendor Advisory
- https://support.apple.com/en-us/HT212533Release Notes, Vendor Advisory
- https://support.apple.com/en-us/HT212600Release Notes, Vendor Advisory
- https://support.apple.com/en-us/HT212603Release Notes, Vendor Advisory
- https://support.apple.com/kb/HT212602Release Notes, Vendor Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2021-30677?
How severe is CVE-2021-30677?
How do I fix CVE-2021-30677?
Are you affected by CVE-2021-30677?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST