CVE-2021-1774

7.8 HIGH

Remote Code Execution

📋 TL;DR

CVE-2021-1774 is a memory corruption vulnerability in Apple's image processing that allows arbitrary code execution when processing malicious images. Attackers can exploit this by tricking users into opening crafted image files. This affects macOS, iOS, iPadOS, watchOS, and tvOS users running vulnerable versions.

💻 Affected Systems

Products:

macOS
iOS
iPadOS
watchOS
tvOS

Versions: Versions before macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4, iPadOS 14.4

Operating Systems: macOS, iOS, iPadOS, watchOS, tvOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations are vulnerable; exploitation requires processing malicious images through affected image libraries.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining root privileges and persistent access to the device.

🟠

Likely Case

Malware installation, data theft, or device takeover when users open malicious images from untrusted sources.

🟢

If Mitigated

No impact if patched; limited to sandboxed apps if unpatched but with proper app restrictions.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious images, but common in web/messaging contexts.

🏢 Internal Only: LOW - Primarily requires user interaction with malicious content, less likely in controlled internal environments.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires user interaction to process malicious images; no public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4, iPadOS 14.4

Vendor Advisory: https://support.apple.com/en-us/HT212146

Restart Required: Yes

Instructions:

1. Open System Preferences > Software Update. 2. Install available updates. 3. Restart device when prompted.

🔧 Temporary Workarounds

Disable automatic image processing

all

Prevent automatic image rendering in email clients and web browsers.

🧯 If You Can't Patch

Restrict image file processing from untrusted sources
Use application sandboxing to limit potential damage

🔍 How to Verify

Check if Vulnerable:

Check system version against affected versions list.

Check Version:

macOS: sw_vers -productVersion; iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify system version matches or exceeds patched versions.

📡 Detection & Monitoring

Log Indicators:

Crash reports from image processing services
Unexpected process execution following image file access

Network Indicators:

Downloads of suspicious image files from untrusted sources

SIEM Query:

Process creation events following image file access from untrusted locations

📊 Metadata

CVE ID: CVE-2021-1774

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Published: April 2, 2021

Last Updated: November 21, 2024

🔗 References

https://support.apple.com/en-us/HT212146 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT212147 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT212148 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT212149 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT212146 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT212147 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT212148 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT212149 Release Notes,Vendor Advisory