CVE-2021-31006 — Incorrect Default Permissions in Apple Macos

CWE-276 — Incorrect Default Permissions1 documents1 sources

Severity

5.5MEDIUMNVD

EPSS

0.1%

top 72.31%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Macos Apple Tvos Apple Watchos

Timeline

PublishedAug 24

Description

Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privacy preferences.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 1.8 | Impact: 3.6

Affected Packages6 packages

▶CVEListV5apple/tvosunspecified — 14.7

▶NVDapple/tvos< 14.7

▶CVEListV5apple/macosunspecified — 11.5

▶NVDapple/macos11.0 — 11.5

▶CVEListV5apple/watchosunspecified — 7.6