CVE-2021-30652

Name of the Vulnerable Software and Affected Versions macOS versions prior to 11.3 iOS versions prior to 14.5 iPadOS versions prior to 14.5 watchOS versions prior to 7.4 tvOS versions prior to 14.5 macOS Catalina versions prior to Security Update 2021-002 macOS Mojave versions prior to Security Update 2021-003

Description A race condition issue was addressed with additional validation. This issue may allow a malicious application to gain root privileges. The vulnerability is related to synchronization errors when using a shared resource in the libxpc library of Mac OS, tvOS, iOS, iPadOS, and watchOS operating systems, which can be exploited to elevate privileges.

Recommendations For macOS versions prior to 11.3, update to macOS Big Sur 11.3 or later. For iOS versions prior to 14.5, update to iOS 14.5 or later. For iPadOS versions prior to 14.5, update to iPadOS 14.5 or later. For watchOS versions prior to 7.4, update to watchOS 7.4 or later. For tvOS versions prior to 14.5, update to tvOS 14.5 or later. For macOS Catalina, apply Security Update 2021-002. For macOS Mojave, apply Security Update 2021-003.