CVE-2021-31010
HIGH KEV
Apple - Use After Free
Title source: llm
Description
A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release.
References (6)
Scores
CVSS v3
7.5
EPSS
0.0098
EPSS Percentile
76.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Exploitation Intel
CISA KEV
2022-08-25
VulnCheck KEV
2021-09-13
InTheWild.io
2021-09-13
ENISA EUVD
EUVD-2021-17927
Classification
CWE
CWE-502
Status
published
Affected Products (21)
apple/ipados
< 14.8
apple/iphone_os
< 12.5.5
apple/mac_os_x
< 10.15.7
apple/mac_os_x
apple/mac_os_x
apple/mac_os_x
apple/mac_os_x
apple/mac_os_x
apple/mac_os_x
apple/mac_os_x
apple/mac_os_x
apple/mac_os_x
apple/mac_os_x
apple/mac_os_x
apple/mac_os_x
... and 6 more
Timeline
Published
Aug 24, 2021
KEV Added
Aug 25, 2022
Tracked Since
Feb 18, 2026