PT-2021-19016 · Apple · Gatekeeper+4

Ryan Pickren

Published

2021-08-24

Updated

2022-01-27

CVE-2021-30975

CVSS v3.1

8.6

High

Vector

AV:L/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions macOS versions prior to 12.1 macOS Big Sur versions prior to 11.6.2 Security Update versions prior to 2021-008 Catalina

Description A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions. This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary.

Recommendations For macOS versions prior to 12.1, update to macOS Monterey 12.1 or later. For macOS Big Sur versions prior to 11.6.2, update to macOS Big Sur 11.6.2 or later. For Security Update versions prior to 2021-008 Catalina, apply Security Update 2021-008 Catalina or later. As a temporary workaround, consider disabling the execution of JavaScript when viewing a scripting dictionary until a patch is available.

Fix

Incorrect Authorization

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-863

Related Identifiers

CVE-2021-30975

Affected Products

Gatekeeper

Apple Macos

Security Update

Macos Big Sur

Macos Monterey

PT-2021-19016 · Apple · Gatekeeper+4

CVE-2021-30975

Weakness Enumeration

Related Identifiers

Affected Products

References · 10