CVE-2021-30783 — Incorrect Authorization in Apple Macos

CWE-863 — Incorrect Authorization CWE-252 — Unchecked Return Value8 documents7 sources

Severity

6.5MEDIUMNVD

EPSS

0.1%

top 65.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Security Update Catalina Apple MAC OS X

Timeline

PublishedSep 8

Latest updateJun 7

Description

An access issue was addressed with improved access restrictions. This issue is fixed in macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. A sandboxed process may be able to circumvent sandbox restrictions.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:H/A:NExploitability: 2.0 | Impact: 4.0

Affected Packages4 packages

▶CVEListV5apple/security_update_catalinaunspecified — 2021

▶CVEListV5apple/macosunspecified — 11.5+1

▶NVDapple/macos11.0 — 11.5

▶NVDapple/mac_os_x10.14 — 10.14.5+3

🔴Vulnerability Details

OSV

ntfs-3g vulnerabilities↗2022-06-07

▶

GHSA

GHSA-p7m9-q5j5-3jgv: An access issue was addressed with improved access restrictions↗2022-05-24

▶

CVEList

CVE-2021-30783: An access issue was addressed with improved access restrictions↗2021-09-08

▶

📋Vendor Advisories

Red Hat

ntfs-3g: invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic↗2022-05-26

▶

Microsoft

An invalid return code in fuse_kern_mount enables intercepting of libfuse-lite protocol traffic between NTFS-3G and the kernel in NTFS-3G through 2021.8.22 when using libfuse-lite.↗2022-05-10

▶

Apple

CVE-2021-30783: Security Update 2021-005 Catalina↗2021-09-13

▶

Apple

CVE-2021-30783: Security Update 2021-005 Mojave↗2021-07-21

▶