CVE-2021-30869

Summary

CVE	CVE-2021-30869
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-08-24 19:15:00 UTC
Updated	2023-11-07 03:33:00 UTC
Description	A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.

Risk And Classification

EPSS: 0.023180000 probability, percentile 0.847170000 (date 2026-04-01)

CISA KEV: Listed on 2021-11-03; due 2021-11-17; ransomware use Unknown

Problem Types: CWE-843

CISA Known Exploited Vulnerability

Vendor	Apple
Product	iOS, iPadOS, and macOS
Name	Apple iOS, iPadOS, and macOS Type Confusion Vulnerability
Required Action	Apply updates per vendor instructions.
Notes	https://nvd.nist.gov/vuln/detail/CVE-2021-30869

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Apple	Ipados	All	All	All	All
Operating System	Apple	Iphone Os	All	All	All	All
Operating System	Apple	Macos	All	All	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2019-001	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2019-002	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2019-004	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2019-005	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2019-006	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2019-007	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2020-001	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2020-002	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2020-003	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2020-004	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2020-005	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2020-006	All	All
Operating System	Apple	Mac Os X	10.14.6	security_update_2020-007	All	All
Operating System	Apple	Mac Os X	10.15.7	-	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2020	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2020-001	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2020-005	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2020-007	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2021-002	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2021-003	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2021-004	All	All
Operating System	Apple	Mac Os X	10.15.7	security_update_2021-005	All	All
Operating System	Apple	Mac Os X	10.15.7	supplemental_update	All	All
Operating System	Apple	Mac Os X	All	All	All	All
Operating System	Apple	Mac Os X	All	All	All	All

References

Reference	Source	Link	Tags
About the security content of iOS 12.5.5 - Apple Support	MISC	support.apple.com
About the security content of Security Update 2021-006 Catalina - Apple Support	MISC	support.apple.com
About the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave - Apple Support		support.apple.com
About the security content of iOS 14.4 and iPadOS 14.4 - Apple Support	MISC	support.apple.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis
CISA Known Exploited Vulnerabilities catalog	CISA	www.cisa.gov	kev

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

375882 Apple macOS Security Update 2021-006 Catalina (HT212825)
610369 Apple iOS 12.5.5 Security Update Missing (HT212824)