PT-2021-7972 · Apple · Macos Big Sur+2

R3Df09 +3 · Published 2021-08-24 · Updated 2022-01-03 · CVE-2021-30969

CVSS v2.0: 9.3 (High)

Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions

macOS Big Sur versions prior to 11.6.2
macOS Catalina versions prior to Security Update 2021-008

Description

A path handling issue was addressed with improved validation. This issue may cause unexpected JavaScript execution from a file on disk when processing a maliciously crafted URL. The vulnerability is related to insufficient input validation in the Help Viewer component of macOS Big Sur, which may allow an attacker to execute arbitrary JavaScript code.

Recommendations

For macOS Big Sur versions prior to 11.6.2, update to macOS Big Sur 11.6.2 or later to resolve the issue. For macOS Catalina versions prior to Security Update 2021-008, apply Security Update 2021-008 to resolve the issue. As a temporary workaround, consider restricting access to maliciously crafted URLs to minimize the risk of exploitation.

Fix

RCE


Weakness Enumeration

Related Identifiers

BDU:2023-08037
CVE-2021-30969

Affected Products

Apple Macos
Macos Big Sur
Macos Catalina