CVE-2021-30910: Apple macOS ModelIO ABC File Parsing Out-Of-Bounds Read Information Disclosure Vulnerability
Model I/O. An out-of-bounds read was addressed with improved bounds checking.
Other sources
An out-of-bounds read was addressed with improved bounds checking. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1. Processing a maliciously crafted file may disclose user information.
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apple macOS. Interaction with the ModelIO library is required to exploit this vulnerability but attack vectors may vary depending on the implementation. The specific flaw exists within the ModelIO framework. Crafted data in an ABC file can trigger a read past the end of an allocated data structure. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the current process.
Credit
Affected Software
Event History
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2021-30876
- CVE-2021-30879
- CVE-2021-30877
- CVE-2021-30880
- CVE-2021-30907
- CVE-2021-30899
- CVE-2021-30926
- CVE-2021-30917
- CVE-2021-30903
- CVE-2021-30905
- CVE-2021-30919
- CVE-2021-30881
- CVE-2021-30900
- CVE-2021-30906
- CVE-2021-30824
- CVE-2021-30901
- CVE-2021-30922
- CVE-2021-30821
- CVE-2021-30883
- CVE-2021-30909
- CVE-2021-30916
- CVE-2021-30910
- CVE-2021-30911
- CVE-2021-30844
- CVE-2021-30868
- CVE-2021-30913
- CVE-2021-30912
- CVE-2021-30915
- CVE-2021-30908
- CVE-2021-30833
- CVE-2021-30892
- CVE-2021-31007
- CVE-2021-30895
- CVE-2021-30896
- CVE-2021-30894
- CVE-2021-30924
- CVE-2021-30886
- CVE-2021-31008
- CVE-2021-30887
- CVE-2021-30888
- CVE-2021-30889
- CVE-2021-30890
- CVE-2021-30873
- CVE-2021-30834
- CVE-2021-30994
- CVE-2021-30931
- CVE-2021-30866
- CVE-2020-9846
- CVE-2021-30923
- CVE-2021-30831
- CVE-2021-30840
- CVE-2021-30852
- CVE-2021-30933
- CVE-2021-30867
- CVE-2021-30814
- CVE-2021-30864
- CVE-2021-30813
- CVE-2021-31011
- CVE-2021-30904
- CVE-2021-30874
- CVE-2021-30808
- CVE-2021-30920
- CVE-2021-31004
- CVE-2021-31002
- CVE-2021-31005
- CVE-2021-30897
- CVE-2021-30884
- CVE-2021-30818
- CVE-2021-30836
- CVE-2021-30846
- CVE-2021-30849
- CVE-2021-30848
- CVE-2021-30851
- CVE-2021-30809
- CVE-2021-30823
- CVE-2021-30861
- CVE-2021-30930
- CVE-2021-30914
- CVE-2021-30875
- CVE-2021-30902
Frequently Asked Questions
What is CVE-2021-30910?
CVE-2021-30910 refers to a vulnerability in Model I/O that allowed for an out-of-bounds read, which has been addressed with improved bounds checking.
Who is affected by CVE-2021-30910?
Users of Apple products including Apple Catalina, macOS Big Sur, iOS, iPadOS, macOS Monterey, and tvOS are affected by CVE-2021-30910.
How can I check if my system is affected by CVE-2021-30910?
You can check if your system is affected by CVE-2021-30910 by reviewing the list of affected software versions provided by Apple in their security advisory.
How can I fix CVE-2021-30910?
To fix CVE-2021-30910, you should update your Apple device to the recommended software version provided by Apple in their security advisory.
Where can I find more information about CVE-2021-30910?
You can find more information about CVE-2021-30910 in the security advisory published by Apple, which includes mitigation steps and links to additional resources.