CVE-2021-1782

CVSS 7 HIGH · EPSS 2.2% · KEV · CWE-667
In short

A timing flaw in macOS and iOS allows a malicious app to gain elevated privileges by exploiting a race condition in the system's locking mechanism. This is dangerous because the app could bypass security restrictions and access sensitive system functions.

Technical detail

A race condition in a kernel or system service's locking implementation allows a local attacker to execute privileged operations out of intended order. The vulnerability requires running a malicious application on the target device; exploitation leads to privilege escalation and potential system compromise. Apple reported active exploitation in the wild.

Summary generated and translated by AI from the official description.
A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H