CVE-2021-30946: Input Validation
Published Aug 24, 2021
·Updated
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, macOS Big Sur 11.6.2. A malicious application may be able to bypass certain Privacy preferences.
Other sources
apache. Multiple issues were addressed by updating apache to version 2.4.53.
— Apple
AppKit. A logic issue was addressed with improved validation.
— Apple
AppleAVD. An out-of-bounds write issue was addressed with improved bounds checking.
— Apple
AppleEvents. A use after free issue was addressed with improved memory management.
— Apple
AppleGraphicsControl. A memory corruption issue was addressed with improved input validation.
— Apple
Credit
@@gorelics, Ron Masas(BreakPoint), @@gorelics(BreakPoint), (BreakPoint), an anonymous researcher, Liu Long(Ant Security Light), Jack Dates(RET2 Systems Inc), Antonio Zekic@@antoniozekic, Jeonghoon Shin(Theori working with Trend Micro Zero Day Initiative), Peter Nguyễn Vũ Hoàng@@peternguyen14(STAR Labs), Ned Williamson(Google Project Zero), Wojciech Reguła@@_r3ggi(SecuRing), Arsenii Kostromin (0x3c3e)(Microsoft), Jonathan Bar Or(Microsoft), Zhipeng Huo@@R3dF09(Tencent Security Xuanwu Lab), Yuebin Sun@@yuebinsun2020(Tencent Security Xuanwu Lab), Max Shavrick@@_mxms(the Google Security Team), Zubair Ashraf(Crowdstrike), CVE-2022-0778, CVE-2022-23308, Mickey Jin@@patch1t, @@gorelics, Linus Henze(Pinauten GmbH), Peter Nguyễn Vũ Hoàng(STAR Labs), Felix Poulin-Belanger, Antonio Cheong Yu Xuan(YCISCQ), Arsenii Kostromin (0x3c3e), CVE-2021-4136, CVE-2021-4166, CVE-2021-4173, CVE-2021-4187, CVE-2021-4192, CVE-2021-4193, CVE-2021-46059, CVE-2022-0128, Heige(KnownSec 404 Team), Bo Qu(Palo Alto Networks), Scarlet Raine, Wang Yu(Cyberserval), CVE-2022-0530, Tavis Ormandy, CVE-2021-45444, Yonghwi Jin@@jinmo123(Theori), Lockheed Martin Red Team, Jeremy Brown(Trend Micro Zero Day Initiative), Michael DePlante@@izobashi(Trend Micro Zero Day Initiative), Qi Sun(Trend Micro), Ye Zhang@@co0py_Cat(Baidu Security), Robert Ai(Trend Micro), CVE-2021-44224, CVE-2021-44790, CVE-2022-22719, CVE-2022-22720, CVE-2022-22721
Affected Software
13 affected componentsFixes available
Apple macOS Big Sur<11.6.2
11.6.2
Apple macOS Big Sur<11.6.8
11.6.8
Apple Catalina
Apple WatchOS<8.3
8.3
Apple WatchOS<8.5
8.5
Apple macOS Monterey<12.1
12.1
Apple iOS<15.2
15.2
Apple iPadOS<15.2
15.2
Apple iPadOS<15.2
Apple iPhone OS<15.2
Apple macOS>=11.0<11.6.2
Apple macOS>=12.0<12.1
Apple WatchOS<8.3
Event History
Aug 24, 2021
CVE Published
via MITRE·06:50 PM
Data Sourced
via MITRE·06:50 PM
DescriptionWeakness
May 16, 2022
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Updated
via Apple·12:00 AM
Description
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2021-30950
- CVE-2021-30931
- CVE-2021-30935
- CVE-2021-30942
- CVE-2021-30957
- CVE-2021-30962
- CVE-2021-30959
- CVE-2021-30961
- CVE-2021-30963
- CVE-2021-30958
- CVE-2021-30945
- CVE-2021-31007
- CVE-2021-31013
- CVE-2021-30895
- CVE-2021-30977
- CVE-2021-30969
- CVE-2021-30939
- CVE-2021-30981
- CVE-2021-30982
- CVE-2021-30927
- CVE-2021-30980
- CVE-2021-30937
- CVE-2021-30949
- CVE-2021-30990
- CVE-2021-30976
- CVE-2021-30929
- CVE-2021-30979
- CVE-2021-30940
- CVE-2021-30941
- CVE-2021-30973
- CVE-2021-30971
- CVE-2021-30995
- CVE-2021-30968
- CVE-2021-30947
- CVE-2021-30946
- CVE-2021-30975
- CVE-2021-31002
- CVE-2021-30767
- CVE-2021-30970
- CVE-2021-30965
- CVE-2021-30938
- CVE-2022-32832
- CVE-2022-32826
- CVE-2022-32797
- CVE-2022-32853
- CVE-2022-32851
- CVE-2022-32831
- CVE-2022-32910
- CVE-2022-32825
- CVE-2022-32820
- CVE-2022-32805
- CVE-2022-32849
- CVE-2022-32839
- CVE-2022-32781
- CVE-2022-32819
- CVE-2022-32787
- CVE-2022-32785
- CVE-2022-32812
- CVE-2022-32811
- CVE-2022-32815
- CVE-2022-32813
- CVE-2022-32823
- CVE-2022-32814
- CVE-2022-32786
- CVE-2022-32800
- CVE-2022-32838
- CVE-2022-32843
- CVE-2022-32857
- CVE-2022-32807
- CVE-2022-26704
- CVE-2022-32834
- CVE-2022-0156
- CVE-2022-0158
- CVE-2022-32860
- CVE-2022-32847
- CVE-2022-32848
- CVE-2021-44224
- CVE-2021-44790
- CVE-2022-22719
- CVE-2022-22720
- CVE-2022-22721
- CVE-2022-22665
- CVE-2022-22675
- CVE-2022-22630
- CVE-2022-26751
- CVE-2022-26698
- CVE-2022-26697
- CVE-2022-22663
- CVE-2022-26721
- CVE-2022-26722
- CVE-2022-26763
- CVE-2022-22674
- CVE-2022-26720
- CVE-2022-26770
- CVE-2022-26756
- CVE-2022-26769
- CVE-2022-26748
- CVE-2022-26768
- CVE-2022-26714
- CVE-2022-26757
- CVE-2022-26767
- CVE-2022-26706
- CVE-2022-32882
- CVE-2022-32790
- CVE-2022-26776
- CVE-2022-0778
- CVE-2022-23308
- CVE-2022-32794
- CVE-2022-26712
- CVE-2022-26746
- CVE-2022-26731
- CVE-2022-26766
- CVE-2022-26718
- CVE-2022-26723
- CVE-2022-26715
- CVE-2022-26728
- CVE-2022-26726
- CVE-2022-26755
- CVE-2021-4136
- CVE-2021-4166
- CVE-2021-4173
- CVE-2021-4187
- CVE-2021-4192
- CVE-2021-4193
- CVE-2021-46059
- CVE-2022-0128
- CVE-2022-22589
- CVE-2022-26745
- CVE-2022-26761
- CVE-2022-0530
- CVE-2018-25032
- CVE-2021-45444
- CVE-2022-22593
- CVE-2022-22579
- CVE-2022-22583
- CVE-2021-30972
- CVE-2022-32842
- CVE-2022-32799
- CVE-2022-32837
- CVE-2021-30960
- CVE-2021-30966
- CVE-2021-30926
- CVE-2021-31000
- CVE-2021-30916
- CVE-2021-30993
- CVE-2021-30955
- CVE-2021-30943
- CVE-2021-30944
- CVE-2021-30964
- CVE-2021-30934
- CVE-2021-30936
- CVE-2021-30951
- CVE-2021-30952
- CVE-2021-30984
- CVE-2021-30953
- CVE-2021-30954
- CVE-2022-22633
- CVE-2022-22666
- CVE-2022-22611
- CVE-2022-22612
- CVE-2022-22596
- CVE-2022-22640
- CVE-2022-22613
- CVE-2022-22614
- CVE-2022-22615
- CVE-2022-22632
- CVE-2022-22638
- CVE-2021-36976
- CVE-2022-21658
- CVE-2022-22670
- CVE-2022-22618
- CVE-2022-22609
- CVE-2022-22654
- CVE-2022-22600
- CVE-2022-22599
- CVE-2022-22621
- CVE-2022-22662
- CVE-2022-22610
- CVE-2022-22624
- CVE-2022-22628
- CVE-2022-22629
- CVE-2022-22637
- CVE-2021-30987
- CVE-2021-30986
- CVE-2021-30996
- CVE-2021-31009
- CVE-2022-22669
- CVE-2022-22631
- CVE-2022-22625
- CVE-2022-22648
- CVE-2022-22626
- CVE-2022-22627
- CVE-2022-22597
- CVE-2022-22616
- CVE-2022-26691
- CVE-2021-22946
- CVE-2021-22947
- CVE-2021-22945
- CVE-2022-22643
- CVE-2022-22657
- CVE-2022-22664
- CVE-2022-46706
- CVE-2022-22661
- CVE-2022-22641
- CVE-2022-22647
- CVE-2022-22656
- CVE-2022-22672
- CVE-2022-22644
- CVE-2022-26690
- CVE-2022-26688
- CVE-2022-22617
- CVE-2022-22650
- CVE-2022-22655
- CVE-2022-22651
- CVE-2022-22639
- CVE-2022-22660
- CVE-2021-30918
- CVE-2022-22668
- CVE-2022-22582
- CVE-2021-30956
- CVE-2021-30992
- CVE-2021-30983
- CVE-2021-30985
- CVE-2021-30991
- CVE-2021-30998
- CVE-2021-30997
- CVE-2021-30967
- CVE-2021-30988
- CVE-2021-30932
- CVE-2021-30948
- CVE-2022-22634
- CVE-2022-22635
- CVE-2022-22636
- CVE-2022-22652
- CVE-2022-22598
- CVE-2022-22642
- CVE-2022-22667
- CVE-2022-22653
- CVE-2022-22622
- CVE-2022-22659
- CVE-2022-22671
Frequently Asked Questions
1
What is CVE-2021-30946?
CVE-2021-30946 is a logic issue that was addressed with improved restrictions.
2
How severe is CVE-2021-30946?
CVE-2021-30946 has a severity rating of medium (5.5).
3
Which products are affected by CVE-2021-30946?
CVE-2021-30946 affects macOS Monterey 12.1, macOS Big Sur 11.6.2, watchOS 8.3, iOS 15.2, and iPadOS 15.2.
4
How can a malicious application exploit CVE-2021-30946?
A malicious application may be able to bypass certain Privacy preferences.
5
How can I fix CVE-2021-30946?
CVE-2021-30946 is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2, watchOS 8.3, iOS 15.2, and iPadOS 15.2. Update your devices to the latest available version.