CVE-2021-30869
HIGH KEViOS <12.5.5, iPadOS <14.4, macOS Big Sur <11.2 - Code Injection
Title source: llmDescription
A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.
References (5)
Scores
CVSS v3
7.8
EPSS
0.0172
EPSS Percentile
82.5%
Attack Vector
LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CISA KEV
2021-11-03
VulnCheck KEV
2021-09-23
InTheWild.io
2021-09-23
ENISA EUVD
EUVD-2021-17786
CWE
CWE-843
Status
published
Products (6)
apple/ipados
< 14.4
apple/iphone_os
12.0 - 12.5.5
apple/macos
11.0 - 11.2
apple/mac_os_x
10.14.6 security_update_2019-001 (13 CPE variants)
apple/mac_os_x
10.15.7 (10 CPE variants)
apple/mac_os_x
10.14 - 10.14.6
Published
Aug 24, 2021
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026