CVE-2021-30753: Input Validation
Published May 24, 2021
·Updated
CoreText. Processing a maliciously crafted font may result in the disclosure of process memory.
Credit
Sunglin(the Knownsec 404), Xingwei Lin(Ant Security Light)
Affected Software
10 affected componentsFixes available
Apple macOS Big Sur<11.4
11.4
Apple tvOS<14.6
14.6
Apple WatchOS<7.5
7.5
Apple iOS<14.6
14.6
Apple iPadOS<14.6
14.6
Apple iPadOS<14.6
Apple iPhone OS<14.6
Apple macOS>=11.0.1<11.4
Apple tvOS<14.6
Apple WatchOS<7.5
Event History
Sep 8, 2021
CVE Published
via MITRE·01:45 PM
Data Sourced
via MITRE·01:45 PM
DescriptionWeakness
Frequently Asked Questions
1
What is CVE-2021-30753?
CVE-2021-30753 is a vulnerability in CoreText that can result in the disclosure of process memory when processing a maliciously crafted font.
2
Which software versions are affected by CVE-2021-30753?
CVE-2021-30753 affects Apple tvOS up to version 14.6, Apple watchOS up to version 7.5, Apple macOS Big Sur up to version 11.4, Apple iOS up to version 14.6, and Apple iPadOS up to version 14.6.
3
What is the severity of CVE-2021-30753?
The severity of CVE-2021-30753 is not specified in the provided information.
4
How can I fix CVE-2021-30753?
To fix CVE-2021-30753, update to the latest available version of Apple tvOS, watchOS, macOS Big Sur, iOS, or iPadOS depending on the affected software.