CVE-2021-30955

HIGH

macOS Monterey <12.1 - Privilege Escalation

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2021-30955. PoCs published by GeoSn0w.

AI-analyzed exploit summary: This repository contains a functional kernel exploit PoC for CVE-2021-30955, targeting iOS 15.1. The exploit leverages a race condition in IOSurface to achieve local privilege escalation (LPE) via memory corruption and spray techniques.

Description

A race condition was addressed with improved state handling. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. A malicious application may be able to execute arbitrary code with kernel privileges.

Exploits (2)

nomisec WORKING POC 19 stars
by GeoSn0w · poc
https://github.com/GeoSn0w/Pentagram-exploit-tester

This repository contains a functional kernel exploit PoC for CVE-2021-30955, targeting iOS 15.1. The exploit leverages a race condition in IOSurface to achieve local privilege escalation (LPE) via memory corruption and spray techniques.

Classification: Working PoC 95%
Attack Type: LPE
Complexity: Complex
Reliability: Racy
Target: Apple iOS 15.1
No auth needed
Prerequisites: Physical or local access to an iOS 15.1 device · Kernel memory layout knowledge for spray targeting
devstral-2 · analyzed Feb 18, 2026

References (4)

Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212975
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212976
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212978
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212980

Scores

CVSS v3 7.0
EPSS 0.3627
EPSS Percentile 97.2%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE: CWE-362
Status published
Products (5)
apple/ipados < 15.2
apple/iphone_os < 15.2
apple/macos < 12.1
apple/tvos < 15.2
apple/watchos < 8.3
Published Aug 24, 2021
Tracked Since Feb 18, 2026