CVE-2021-30860

HIGHScheduled

Published:Aug 24, 2021(4 years ago)

Modified:Oct 27, 2025

Local AccessNo Auth RequiredLow Complexity

Vulnerability Description

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Attack Characteristics

Local AccessLow ComplexityNo Auth NeededUser Interaction Required

🤖

AI analysis not yet available

Plain-English explanation, risk summary, and remediation steps will appear here once AI analysis is complete.

No Fix Known

No patch has been released yet. Apply workarounds or mitigations where available.

Affected Software

Vendor	Product	Versions	Fixed In
apple	ipados	14.8	-
apple	iphone_os	12.5.5	-
apple	iphone_os	13.0 - 14.8

Timeline

Published
CVE disclosed publicly
Aug 24, 20214 years ago
Last Modified
Most recent update
Oct 27, 20257 months ago
Indexed to CVEInsight
Added to this platform
Mar 29, 20262 months ago

References

http://seclists.org/fulldisclosure/2021/Sep/25Mailing List
http://seclists.org/fulldisclosure/2021/Sep/26Mailing List
http://seclists.org/fulldisclosure/2021/Sep/27Mailing List

CVSS Score

v3.1

7.8/ 10.0

HIGH

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

At a Glance

Affected Products

References

apple / ipados

http://seclists.org/fulldisclosure/2021/Sep/28Mailing List

http://seclists.org/fulldisclosure/2021/Sep/38Mailing List

http://seclists.org/fulldisclosure/2021/Sep/39Mailing List

http://seclists.org/fulldisclosure/2021/Sep/40Mailing List

http://seclists.org/fulldisclosure/2021/Sep/50Mailing List

http://www.openwall.com/lists/oss-security/2022/09/02/11Mailing List

https://security.gentoo.org/glsa/202209-21Third Party Advisory

https://support.apple.com/en-us/HT212804Vendor Advisory

https://support.apple.com/en-us/HT212805Vendor Advisory

https://support.apple.com/en-us/HT212806Vendor Advisory

https://support.apple.com/en-us/HT212807Vendor Advisory

https://support.apple.com/kb/HT212824Vendor Advisory

http://seclists.org/fulldisclosure/2021/Sep/25Mailing List

http://seclists.org/fulldisclosure/2021/Sep/26Mailing List

http://seclists.org/fulldisclosure/2021/Sep/27Mailing List

http://seclists.org/fulldisclosure/2021/Sep/28Mailing List

http://seclists.org/fulldisclosure/2021/Sep/38Mailing List

http://seclists.org/fulldisclosure/2021/Sep/39Mailing List

http://seclists.org/fulldisclosure/2021/Sep/40Mailing List

http://seclists.org/fulldisclosure/2021/Sep/50Mailing List

http://www.openwall.com/lists/oss-security/2022/09/02/11Mailing List

https://security.gentoo.org/glsa/202209-21Third Party Advisory

https://support.apple.com/en-us/HT212804Vendor Advisory

https://support.apple.com/en-us/HT212805Vendor Advisory

https://support.apple.com/en-us/HT212806Vendor Advisory

https://support.apple.com/en-us/HT212807Vendor Advisory

https://support.apple.com/kb/HT212824Vendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve...US Government Resource

CVSS v3 Vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Exploitability

Attack VectorLocal

Attack ComplexityLow

Privileges RequiredNone

User InteractionRequired

Impact

ScopeUnchanged

ConfidentialityHigh

IntegrityHigh

AvailabilityHigh

Impact Analysis

ConfidentialityHigh

NoneLowHigh

IntegrityHigh

NoneLowHigh

AvailabilityHigh

NoneLowHigh

CVE-2021-30860

✦ Vulnerability Description

Attack Characteristics

Affected Software

Timeline

References

CVSS Score

At a Glance

Official Sources

CVSS v3 Vector

Impact Analysis

Vulnerability Description