CVE-2021-30783: Race Condition
Published Jul 21, 2021
·Updated
AMD Kernel. A memory corruption issue was addressed with improved input validation.
Credit
Ron Waisberg@@epsilan, an anonymous researcher, Ron Hass@@ronhass7(Perception Point), Denis Tokarev@@illusionofcha0s, hjy79425575(Trend Micro Zero Day Initiative), Csaba Fitzl@@theevilbit(Offensive Security), tr3e, George Nosenko, JunDong Xie(Ant Security Light), ryuzaki, Zhongcheng Li (CK01), Tim Michaud@@TimGMichaud(Zoom Video Communications), Gary Nield(ECSC Group plc), Mickey Jin@@patch1t(Trend Micro), Sunglin(Knownsec 404 team), Yizhuo Wang(Group of Software Security In Progress), Linus Henze (pinauten.de), Wojciech Reguła@@_r3ggi(SecuRing), tr3e(Trend Micro Zero Day Initiative), Matt Shockley (twitter.com/mattshockl)(Offensive Security), Jzhu(Baidu Security), Ye Zhang@@co0py_Cat(Baidu Security), CFF(Topsec Alpha Team), Anonymous(Trend Micro Zero Day Initiative), Liu Long(Ant Security Light), Yinyi Wu@@3ndy1(Qihoo 360 Vulcan Team), Zuozhi Fan@@pattern_F_(Ant Security TianQiong Lab), CVE-2021-3518, Georgi Valkov (httpstorm.com), Mickey Jin@@patch1t(Trend Micro working with Trend Micro Zero Day Initiative), Christoph Guttandin(Media Codings), Sergei Glazunov(Google Project Zero), Ivan Fratric(Google Project Zero), ABC Research s.r.o
Affected Software
35 affected componentsFixes available
Apple macOS Big Sur<11.5
11.5
Apple Catalina
Apple Mojave
Apple iOS and macOS>=10.14<=10.14.5
Apple iOS and macOS>=10.15<=10.15.6
Apple iOS and macOS=10.14.6
Apple iOS and macOS=10.14.6-security_update_2019-001
Apple iOS and macOS=10.14.6-security_update_2019-002
Apple iOS and macOS=10.14.6-security_update_2019-004
Apple iOS and macOS=10.14.6-security_update_2019-005
Apple iOS and macOS=10.14.6-security_update_2019-006
Apple iOS and macOS=10.14.6-security_update_2019-007
Apple iOS and macOS=10.14.6-security_update_2020-001
Apple iOS and macOS=10.14.6-security_update_2020-002
Apple iOS and macOS=10.14.6-security_update_2020-003
Apple iOS and macOS=10.14.6-security_update_2020-004
Apple iOS and macOS=10.14.6-security_update_2020-005
Apple iOS and macOS=10.14.6-security_update_2020-006
Apple iOS and macOS=10.14.6-security_update_2020-007
Apple iOS and macOS=10.14.6-security_update_2021-001
Apple iOS and macOS=10.14.6-security_update_2021-002
Apple iOS and macOS=10.14.6-security_update_2021-003
Apple iOS and macOS=10.14.6-security_update_2021-004
Apple iOS and macOS=10.14.6-supplemental_update
Apple iOS and macOS=10.14.6-supplemental_update_2
Apple iOS and macOS=10.15.7
Apple iOS and macOS=10.15.7-security_update_2020
Apple iOS and macOS=10.15.7-security_update_2020-001
Apple iOS and macOS=10.15.7-security_update_2020-005
Apple iOS and macOS=10.15.7-security_update_2020-007
Apple iOS and macOS=10.15.7-security_update_2021-001
Apple iOS and macOS=10.15.7-security_update_2021-002
Apple iOS and macOS=10.15.7-security_update_2021-003
Apple iOS and macOS=10.15.7-supplemental_update
Apple macOS>=11.0<11.5
Event History
Jul 21, 2021
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Sep 8, 2021
CVE Published
via MITRE·01:48 PM
Data Sourced
via MITRE·01:48 PM
DescriptionWeakness
Frequently Asked Questions
1
What is CVE-2021-30783?
CVE-2021-30783 is a vulnerability in CoreServices that allows unauthorized access to LaunchServices.
2
What is the severity of CVE-2021-30783?
The severity of CVE-2021-30783 has not been disclosed.
3
How does CVE-2021-30783 affect Apple Mojave?
CVE-2021-30783 affects Apple Mojave by compromising access restriction controls in the LaunchServices component.
4
Is Apple Catalina affected by CVE-2021-30783?
Yes, Apple Catalina is affected by CVE-2021-30783.
5
How can I fix CVE-2021-30783?
To fix CVE-2021-30783, update your macOS to the latest version provided by Apple.