CVE-2021-30855Link Following in Apple Macos

CWE-59Link Following15 documents4 sources
Severity
5.5MEDIUMNVD
EPSS
0.2%
top 55.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Apple MacosApple IpadosApple Iphone OS+3 more
Timeline
PublishedAug 24
Latest updateJan 14

Description

A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. An application may be able to access restricted files.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages7 packages

NVDapple/ipados< 14.8
CVEListV5apple/macosunspecified11.6+4
NVDapple/macos< 11.6
NVDapple/watchos< 8.0
NVDapple/mac_os_x< 10.15.7+1

🔴Vulnerability Details

1
CVEList
CVE-2021-30855: A validation issue existed in the handling of symlinks2021-08-24

📋Vendor Advisories

6
Apple
CVE-2021-30855: watchOS 82021-09-20
Apple
CVE-2021-30855: tvOS 152021-09-20
Apple
CVE-2021-30855: iOS 15 and iPadOS 152021-09-20
Apple
CVE-2021-30855: Security Update 2021-005 Catalina2021-09-13
Apple
CVE-2021-30855: iOS 14.8 and iPadOS 14.82021-09-13

🕵️Threat Intelligence

7
Trendmicro
Analyzing an Old Bug and Discovering CVE-2021-309952022-01-14
Trendmicro
Analyzing an Old Bug and Discovering CVE-2021-309952022-01-14
Trendmicro
Analyzing an Old Bug and Discovering CVE-2021-309952022-01-14
Trendmicro
Analyzing an Old Bug and Discovering CVE-2021-309952022-01-14
Trendmicro
Analyzing an Old Bug and Discovering CVE-2021-309952022-01-14
CVE-2021-30855 — Link Following in Apple Macos | cvebase