CVE-2021-30688

Q: What is CVE-2021-30688?

CVE-2021-30688 is a vulnerability in the App Store that allows a malicious application to break out of its sandbox.

Q: What is the severity of CVE-2021-30688?

The severity of CVE-2021-30688 is not specified.

Q: How does CVE-2021-30688 affect macOS Big Sur?

CVE-2021-30688 affects macOS Big Sur version up to but excluding 11.4.

Q: How does CVE-2021-30688 affect Apple Catalina?

The impact of CVE-2021-30688 on Apple Catalina is not mentioned.

Q: How can I fix CVE-2021-30688?

To fix CVE-2021-30688, update your macOS Big Sur to version 11.4 or later.

Published May 24, 2021

Updated

A malicious application may be able to break out of its sandbox. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina. A path handling issue was addressed with improved validation.

Credit

Thijs Alkemade(Computest Research Division)

Affected Software

12 affected componentsFixes available

Apple macOS Big Sur<11.4

11.4

Apple Catalina

Apple iOS and macOS>=10.15<=10.15.6

Apple iOS and macOS=10.15.7

Apple iOS and macOS=10.15.7-security_update_2020

Apple iOS and macOS=10.15.7-security_update_2020-001

Apple iOS and macOS=10.15.7-security_update_2020-005

Apple iOS and macOS=10.15.7-security_update_2020-007

Apple iOS and macOS=10.15.7-security_update_2021-001

Apple iOS and macOS=10.15.7-security_update_2021-002

Apple iOS and macOS=10.15.7-supplemental_update

Apple macOS>=11.0<11.4

Event History

Sep 8, 2021

CVE Published

via MITRE·02:28 PM

Data Sourced

via MITRE·02:28 PM

DescriptionWeakness

Frequently Asked Questions

What is CVE-2021-30688?

CVE-2021-30688 is a vulnerability in the App Store that allows a malicious application to break out of its sandbox.

What is the severity of CVE-2021-30688?

The severity of CVE-2021-30688 is not specified.

How does CVE-2021-30688 affect macOS Big Sur?

CVE-2021-30688 affects macOS Big Sur version up to but excluding 11.4.

How does CVE-2021-30688 affect Apple Catalina?

The impact of CVE-2021-30688 on Apple Catalina is not mentioned.

How can I fix CVE-2021-30688?

To fix CVE-2021-30688, update your macOS Big Sur to version 11.4 or later.

CVSS Score

8.8High

High Severity

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Security Metrics

Risk Score73

Severityhigh(8.8)

Timeline

PublishedMay 24, 2021

Updated

References

Parent Advisories

Peer Vulnerabilities

Tags

agent/typeagent/first-publish-datecollector/mitre-cvesource/MITREagent/referencesagent/severityagent/last-modified-dateagent/descriptionagent/eventagent/trendingcollector/apple-supportagent/software-canonical-lookup-requestagent/sourceagent/authorcollector/nvd-indexagent/tagsagent/softwarecombineagent/risk-scorevendor/applecanonical/apple macoscanonical/macos catalinacanonical/apple ios and macosversion/apple ios and macos/10.15version/apple ios and macos/10.15.6version/apple ios and macos/10.15.7version/apple ios and macos/10.15.7-security_update_2020version/apple ios and macos/10.15.7-security_update_2020-001version/apple ios and macos/10.15.7-security_update_2020-005version/apple ios and macos/10.15.7-security_update_2020-007version/apple ios and macos/10.15.7-security_update_2021-001version/apple ios and macos/10.15.7-security_update_2021-002version/apple ios and macos/10.15.7-supplemental_updatecanonical/macosversion/macos/11.0

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.