CVE-2021-1782

7.0 HIGH

📋 TL;DR

CVE-2021-1782 is a race condition vulnerability in Apple operating systems that allows malicious applications to elevate privileges. This affects macOS, iOS, iPadOS, watchOS, and tvOS users. Apple reported this vulnerability may have been actively exploited in the wild.

💻 Affected Systems

Products:

macOS
iOS
iPadOS
watchOS
tvOS

Versions: Versions prior to macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4, iPadOS 14.4

Operating Systems: macOS, iOS, iPadOS, watchOS, tvOS

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected Apple operating systems are vulnerable.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with root-level access, allowing installation of persistent malware, data theft, and lateral movement.

🟠

Likely Case

Local privilege escalation enabling malicious apps to bypass sandbox restrictions and access sensitive system resources.

🟢

If Mitigated

Limited impact with proper application sandboxing and least privilege principles in place.

🌐 Internet-Facing: LOW (requires local access or malicious app installation)

🏢 Internal Only: MEDIUM (malicious insider or compromised endpoint could exploit)

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: CONFIRMED

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Apple confirmed active exploitation. Requires user to install malicious application or have local access.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4, iPadOS 14.4

Vendor Advisory: https://support.apple.com/en-us/HT212146

Restart Required: Yes

Instructions:

1. Open System Preferences > Software Update. 2. Install available security updates. 3. Restart device when prompted.

🔧 Temporary Workarounds

Application Restriction

macOS

Restrict installation of applications from untrusted sources

sudo spctl --master-enable
sudo spctl --enable

🧯 If You Can't Patch

Implement strict application allowlisting policies
Enforce least privilege principles and restrict user administrative rights

🔍 How to Verify

Check if Vulnerable:

Check system version against affected versions list

Check Version:

macOS: sw_vers -productVersion, iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify system version matches or exceeds patched versions

📡 Detection & Monitoring

Log Indicators:

Unexpected privilege escalation events
Suspicious process creation with elevated privileges

Network Indicators:

Unusual outbound connections from system processes

SIEM Query:

process where parent_process_name in ('sudo', 'su', 'launchd') and process_name not in (expected_process_list)

📊 Metadata

CVE ID: CVE-2021-1782

CVSS v3 Score: 7.0 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-667

Published: April 2, 2021

Last Updated: October 23, 2025

🔗 References

https://support.apple.com/en-us/HT212146 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT212147 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT212148 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT212149 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT212146 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT212147 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT212148 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT212149 Release Notes,Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1782 US Government Resource