CVE-2021-30757

MEDIUM

iMovie < 10.2.4 - Unauthorized Entitlement and Privacy Permission Access

Title source: llm
STIX 2.1

Description

This issue was addressed by enabling hardened runtime. This issue is fixed in iMovie 10.2.4. Entitlements and privacy permissions granted to this app may be used by a malicious app.

References (1)

Core 1
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212549

Scores

CVSS v3 5.5
EPSS 0.0082
EPSS Percentile 53.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

Status published
Products (1)
apple/imovie < 10.2.4
Published Sep 08, 2021
Tracked Since Feb 18, 2026