CVE-2021-31010

Summary

A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release..

Affected Software

VendorProductVersion RangeStatus
ApplemacOSunspecified < 11.6affected
ApplemacOSunspecified < 2021affected
ApplewatchOSunspecified < 7.6affected
ApplewatchOSunspecified < 14.8affected
ApplewatchOSunspecified < 12.5affected

Weaknesses

  • A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: active
    • Automatable: yes
    • Technical Impact: partial

Additional References

References