CVE-2021-1782

HIGH KEV

iPadOS < 14.4 - Privilege Escalation via Race Condition

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-1782 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 3 public exploits from researchers including synacktiv, X1cT34m, raymontag.

AI-analyzed exploit summary This repository contains functional exploit code for CVE-2021-1782, targeting a vulnerability in the IOSurface subsystem on macOS. The code demonstrates memory corruption via crafted IOSurface operations, leveraging kernel object manipulation for privilege escalation.

Description

A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited..

Exploits (3)

nomisec WORKING POC 39 stars
by synacktiv · local
https://github.com/synacktiv/CVE-2021-1782

This repository contains functional exploit code for CVE-2021-1782, targeting a vulnerability in the IOSurface subsystem on macOS. The code demonstrates memory corruption via crafted IOSurface operations, leveraging kernel object manipulation for privilege escalation.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: macOS IOSurface subsystem (versions affected by CVE-2021-1782)
No auth needed
Prerequisites: Local access to a vulnerable macOS system · Kernel memory manipulation capabilities
devstral-2 · analyzed Feb 18, 2026 Full analysis →
github WORKING POC 4 stars
by X1cT34m · cpoc
https://github.com/X1cT34m/CVE-and-PoC/tree/main/2021/CVE-2021-1782

This repository contains a functional proof-of-concept exploit for CVE-2021-1782, targeting a vulnerability in the IOSurface subsystem on macOS. The exploit leverages memory corruption via crafted IOSurface operations to achieve local privilege escalation.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Complex
Reliability
Reliable
Target: macOS (IOSurface subsystem)
No auth needed
Prerequisites: Local access to a vulnerable macOS system
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (5)

Core 5
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212147
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212146
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212148
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212149

Scores

CVSS v3 7.0
EPSS 0.0588
EPSS Percentile 90.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-01-26
InTheWild.io 2021-01-26
ENISA EUVD EUVD-2021-7246
CWE
CWE-667
Status published
Products (8)
apple/ipados < 14.4
apple/iphone_os < 14.4
apple/mac_os_x 10.14.6 (14 CPE variants)
apple/mac_os_x 10.15.7 (2 CPE variants)
apple/mac_os_x 10.14 - 10.14.6
apple/macos 11.0 - 11.2
apple/tvos < 14.4
apple/watchos < 7.3
Published Apr 02, 2021
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026