CVE-2021-1782
published 2021-04-02


Priority: P1 · 80 · high · 7 (CVSS 3.1)
AV:L AC:H PR:L UI:N S:U C:H I:H A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2021-11-17
Exploited in the wild
EPSS: 2.22% (80.5th percentile)
A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.

Affected

15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_14.4_and_ipados | | |
| apple | ios_and_ipados | >= unspecified < 14.4 | 14.4 |
| apple | ipados | < 14.4 | 14.4 |
| apple | iphone_os | < 14.4 | 14.4 |
| apple | mac_os_x | | |
| apple | mac_os_x | | |
| apple | mac_os_x | >= 10.14 < 10.14.6 | 10.14.6 |
| apple | mac_os_x | >= 10.15 < 10.15.7 | 10.15.7 |
| apple | macos | >= 11.0 < 11.2 | 11.2 |
| apple | macos | >= unspecified < 11.2 | 11.2 |
| apple | macos | >= unspecified < 7.3 | 7.3 |
| apple | macos | >= unspecified < 14.4 | 14.4 |
| apple | macos_big_sur_11.2_security_update_2021-001_catalina_security_update_2021-001_mo | | |
| apple | tvos | < 14.4 | 14.4 |
| apple | watchos | < 7.3 | 7.3 |

Detection & IOCs (extracted from sources)

  • Vulnerability is a kernel-level race condition (locking flaw) exploited via a malicious local application to elevate privileges on Apple platforms (iOS, iPadOS, macOS, watchOS, tvOS)
  • Exploitation vector is a locally installed malicious application triggering a kernel race condition to gain elevated privileges — hunt for unexpected privilege escalation from user-space apps on Apple devices
  • Confirmed in-the-wild exploitation; treat any unpatched Apple device (iOS < 14.4, macOS < Big Sur 11.2 / Catalina Security Update 2021-001 / Mojave Security Update 2021-001, watchOS < 7.3, tvOS < 14.4) as high-risk for privilege-escalation attacks via malicious apps
  • No public proof-of-concept or exploit code with concrete IOCs (hashes, domains, IPs, signatures) was present in the provided sources; all exploitation details remain undisclosed by Apple

CVSS provenance

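| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.0 | HIGH | CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.9 | MEDIUM | AV:L/AC:M/Au:N/C:C/I:C/A:C |
| vulncheck | | 7.0 | HIGH | |
| cisa | | 7.0 | HIGH | |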