CVE-2021-30860

Summary

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Affected Software

VendorProductVersion RangeStatus
ApplemacOSunspecified < 11.6affected
ApplemacOSunspecified < 2021-005affected
ApplewatchOSunspecified < 7.6affected
AppleiOSunspecified < 14.8affected

Weaknesses

  • Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: no
    • Technical Impact: total

Additional References

References