CVE-2021-1782

HIGH KEV

Apple Ipados < 14.4 - Improper Locking

Title source: rule

Description

A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited..

Exploits (3)

nomisec WORKING POC 39 stars
by synacktiv · local
https://github.com/synacktiv/CVE-2021-1782
github WORKING POC 4 stars
by X1cT34m · cpoc
https://github.com/X1cT34m/CVE-and-PoC/tree/main/2021/CVE-2021-1782
nomisec NO CODE
by raymontag · poc
https://github.com/raymontag/cve-2021-1782

References (5)

Scores

CVSS v3 7.0
EPSS 0.0588
EPSS Percentile 90.6%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-01-26
InTheWild.io 2021-01-26
ENISA EUVD EUVD-2021-7246
CWE
CWE-667
Status published
Products (8)
apple/ipados < 14.4
apple/iphone_os < 14.4
apple/macos 11.0 - 11.2
apple/mac_os_x 10.14.6 (14 CPE variants)
apple/mac_os_x 10.15.7 (2 CPE variants)
apple/mac_os_x 10.14 - 10.14.6
apple/tvos < 14.4
apple/watchos < 7.3
Published Apr 02, 2021
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026