Vulnerability Name: CVE-2021-1782 (CCN-195637) Assigned: 2020-12-08 Published: 2021-01-26 Updated: 2021-04-09 Summary: A race condition was addressed with improved locking. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. A malicious application may be able to elevate privileges. Apple is aware of a report that this issue may have been actively exploited.. CVSS v3 Severity: 7.0 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 6.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): Attack Complexity (AC): Privileges Required (PR): User Interaction (UI): Scope: Scope (S): Impact Metrics: Confidentiality (C): Integrity (I): Availibility (A):
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): Attack Complexity (AC): Privileges Required (PR): User Interaction (UI): Scope: Scope (S): Impact Metrics: Confidentiality (C): Integrity (I): Availibility (A):
CVSS v2 Severity: 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Type: CWE-362 CWE-269 Vulnerability Consequences: Gain Privileges References: Source: MITRECVE-2021-1782 apple-watchos-cve20211782-priv-esc(195637) About the security content of iOS 14.4 and iPadOS 14.4 https://support.apple.com/en-us/HT212146 About the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave https://support.apple.com/en-us/HT212147 About the security content of watchOS 7.3 https://support.apple.com/en-us/HT212148 About the security content of tvOS 14.4 https://support.apple.com/en-us/HT212149 KNOWN EXPLOITED VULNERABILITIES CATALOG Vulnerable Configuration: Configuration 1 :cpe:/o:apple:ipados:*:*:*:*:*:*:*:* (Version < 14.4)OR cpe:/o:apple:iphone_os:*:*:*:*:*:*:*:* (Version < 14.4) OR cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version >= 10.14 and < 10.14.6) OR cpe:/o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:*:*:*:*:*:*:*:* (Version >= 10.15 and < 10.15.7) OR cpe:/o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:* OR cpe:/o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:* OR cpe:/o:apple:macos:*:*:*:*:*:*:*:* (Version >= 11.0 and < 11.2) OR cpe:/o:apple:tvos:*:*:*:*:*:*:*:* (Version < 14.4) OR cpe:/o:apple:watchos:*:*:*:*:*:*:*:* (Version < 7.3) Configuration CCN 1 :cpe:/o:apple:macos_catalina:10.15.6:*:*:*:*:*:*:* OR cpe:/o:apple:tvos:14.3:*:*:*:*:*:*:* OR cpe:/o:apple:watchos:7.2:*:*:*:*:*:*:* OR cpe:/o:apple:ipados:14.3:*:*:*:*:*:*:* OR cpe:/o:apple:ios:14.3:*:*:*:*:*:*:* Vulnerability Name: CVE-2021-1782 (CCN-195900) Assigned: 2020-12-08 Published: 2021-02-01 Updated: 2021-02-01 Summary: Apple macOS could allow a local attacker to gain elevated privileges on the system, caused by a race condition in the Kernel component. By using a specially-crafted application, an attacker could exploit this vulnerability to execute arbitrary code with elevated privileges. CVSS v3 Severity: 7.0 High (CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H 6.1 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): Attack Complexity (AC): Privileges Required (PR): User Interaction (UI): Scope: Scope (S): Impact Metrics: Confidentiality (C): Integrity (I): Availibility (A):
7.8 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H 6.8 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C Exploitability Metrics: Attack Vector (AV): Attack Complexity (AC): Privileges Required (PR): User Interaction (UI): Scope: Scope (S): Impact Metrics: Confidentiality (C): Integrity (I): Availibility (A):
CVSS v2 Severity: 6.9 Medium (CVSS v2 Vector: AV:L/AC:M/Au:N/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): MediumAuthentication (Au): NoneImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
6.8 Medium (CCN CVSS v2 Vector: AV:L/AC:L/Au:S/C:C/I:C/A:C Exploitability Metrics: Access Vector (AV): LocalAccess Complexity (AC): LowAthentication (Au): Single_InstanceImpact Metrics: Confidentiality (C): CompleteIntegrity (I): CompleteAvailibility (A): Complete
Vulnerability Consequences: Gain Privileges References: Source: MITRECVE-2021-1782 apple-macos-cve20211782-priv-esc(195900) About the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave Vulnerable Configuration: Configuration CCN 1 :cpe:/o:apple:macos_catalina:10.15.6:*:*:*:*:*:*:* BACK
apple ipados *
apple iphone os *
apple mac os x *
apple mac os x 10.14.6 -
apple mac os x 10.14.6 security_update_2019-004
apple mac os x 10.14.6 security_update_2019-005
apple mac os x 10.14.6 security_update_2019-006
apple mac os x 10.14.6 security_update_2019-007
apple mac os x 10.14.6 security_update_2020-001
apple mac os x 10.14.6 security_update_2020-002
apple mac os x 10.14.6 security_update_2020-003
apple mac os x 10.14.6 security_update_2020-004
apple mac os x 10.14.6 security_update_2020-005
apple mac os x 10.14.6 security_update_2020-006
apple mac os x 10.14.6 security_update_2020-007
apple mac os x 10.14.6 supplemental_update
apple mac os x 10.14.6 supplemental_update_2
apple mac os x *
apple mac os x 10.15.7 -
apple mac os x 10.15.7 supplemental_update
apple macos *
apple tvos *
apple watchos *
apple macos catalina 10.15.6
apple tvos 14.3
apple watchos 7.2
apple ipados 14.3
apple ios 14.3
apple macos catalina 10.15.6
Denotes that component is vulnerable