CVE-2021-30970
published 2021-08-24CVE-2021-30970: A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be…
PriorityP432medium5.5CVSS 3.1
AVLACLPRNUIRSUCHINAN
EPSS
13.45%
96.0th percentile
A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy preferences.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | >= 11.0 < 11.2.6 | 11.2.6 |
| apple | macos | >= 12.0 < 12.1 | 12.1 |
| apple | macos | >= unspecified < 12.1 | 12.1 |
| apple | macos | >= unspecified < 11.6 | 11.6 |
| apple | macos_big_sur | — | — |
| apple | macos_monterey | — | — |
CVSS provenance
nvdv3.15.5MEDIUMCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
nvdv2.04.3MEDIUMAV:N/AC:M/Au:N/C:P/I:N/A:N
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Apple
CVE-2021-30970: macOS Big Sur 11.6.2
vendor_apple·2021-12-13·CVSS 5.5
CVE-2021-30970 [MEDIUM] CVE-2021-30970: macOS Big Sur 11.6.2
Apple Security Update: About the security content of macOS Big Sur 11.6.2
Product: macOS Big Sur
Version: 11.6.2
CVE: CVE-2021-30970
Component: TCC
Impact: A malicious application may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state management.
Apple
CVE-2021-30970: macOS Monterey 12.1
vendor_apple·2021-12-13·CVSS 5.5
CVE-2021-30970 [MEDIUM] CVE-2021-30970: macOS Monterey 12.1
Apple Security Update: About the security content of macOS Monterey 12.1
Product: macOS Monterey
Version: 12.1
CVE: CVE-2021-30970
Component: TCC
Impact: A malicious application may be able to bypass Privacy preferences
Description: A logic issue was addressed with improved state management.
No detection rules found.
No public exploits indexed.
Bleepingcomputer
Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data
blogs_bleepingcomputer·2025-07-28·CVSS 7.1
CVE-2020-9771 [HIGH] Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data
## Microsoft: macOS Sploitlight flaw leaks Apple Intelligence data
## Sergiu Gatlan
Since 2020, Apple has patched other TCC bypasses that exploit Time Machine mounts ( CVE-2020-9771 ), environment variable poisoning ( CVE-2020-9934 ), and a bundle conclusion issue ( CVE-2021-30713 ) . In the past, Microsoft security researchers have also discovered several other TCC bypasses, including powerdir ( CVE-2021-30970 ) and HM-Surf , that could also be abused to gain access to users' private data.
"While similar to prior TCC bypasses like HM-Surf and powerdir, the implications of this vulnerability, which we refer to as 'Sploitlight' for its use of Spotlight plugins, are more severe due to its ability to extract and leak sensitive information cached by Apple Intelligence, such as precise geol
Bleepingcomputer
Microsoft: macOS bug lets hackers install malicious kernel drivers
blogs_bleepingcomputer·2025-01-13·CVSS 5.5
CVE-2024-44243 [MEDIUM] Microsoft: macOS bug lets hackers install malicious kernel drivers
## Microsoft: macOS bug lets hackers install malicious kernel drivers
## Sergiu Gatlan
"System Integrity Protection (SIP) serves as a critical safeguard against malware, attackers, and other cybersecurity threats, establishing a fundamental layer of protection for macOS systems," Microsoft said today in a report that provides more technical details on CVE-2024-44243.
"Bypassing SIP impacts the entire operating system's security and could lead to severe consequences, emphasizing the necessity for comprehensive security solutions that can detect anomalous behavior from specially entitled processes."
Microsoft security researchers have discovered multiple macOS vulnerabilities in recent years. A SIP bypass dubbed 'Shrootless ' ( CVE-2021-30892 ), reported in 2021, also allows attackers to
Checkpoint
17th January– Threat Intelligence Report
blogs_checkpoint·2022-01-17
CVE-2022-22588 17th January– Threat Intelligence Report
Latest Publications
CPR Podcast Channel
AI Research
Web 3.0 Security
Intelligence Reports
ThreatCloud AI
Threat Intelligence & Research
Zero Day Protection
Sandblast File Analysis
About Us
SUBSCRIBE
2026
2025
2024
2023
2022
2021
2020
2019
2018
2017
2016
## 17th January– Threat Intelligence Report
For the latest discoveries in cyber research for the week of 17th January, please download our Threat Intelligence Bulletin .
Top Attacks and Breaches
Russia’s Federal Security Service (FSB) has arrested several members of the REvil ransomware group, responsible for the JBS attack and the Kaseya supply chain attack, among others, after carrying out raids at 25 addresses across Russia. It is currently unknown whether leaders of the group have been detained.
Check Point H
2021-08-24
Published