Login Sign Up

CVE-2021-1790

7.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code by tricking users into processing malicious font files. It affects macOS systems running older versions that haven't applied Apple's security updates. Successful exploitation could give attackers full control of the affected system.

💻 Affected Systems

Products:
  • macOS
Versions: Versions prior to macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All macOS systems running vulnerable versions are affected regardless of configuration

📦 What is this software?

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise leading to data theft, ransomware deployment, or persistent backdoor installation

🟠

Likely Case

Malware installation through phishing emails or malicious websites containing crafted fonts

🟢

If Mitigated

Limited impact if systems are patched and users avoid suspicious font files

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction to process malicious font files

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave

Vendor Advisory: https://support.apple.com/en-us/HT212147

Restart Required: Yes

Instructions:

1. Open System Preferences 2. Click Software Update 3. Install available security updates 4. Restart when prompted

🔧 Temporary Workarounds

Restrict font processing

all

Block suspicious font files at network perimeter and educate users about font file risks

🧯 If You Can't Patch

  • Implement application whitelisting to prevent unauthorized code execution
  • Use network segmentation to isolate vulnerable systems from critical assets

🔍 How to Verify

Check if Vulnerable:

Check macOS version in About This Mac. If version is earlier than Big Sur 11.2, Catalina Security Update 2021-001, or Mojave Security Update 2021-001, system is vulnerable

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version shows patched version in About This Mac

📡 Detection & Monitoring

Log Indicators:

  • Unusual font processing activity, unexpected application launches after font file access

Network Indicators:

  • Downloads of suspicious font files from untrusted sources

SIEM Query:

process:launch AND file_extension:ttf OR file_extension:otf OR file_extension:fon

📊 Metadata

CVE ID: CVE-2021-1790
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-125
Published: April 2, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-1790, you might also want to check these:

CVE-2021-41556 10.0

CVE-2021-41556 is a critical out-of-bounds read vulnerability in Squirrel scripting language that al...

Same vulnerability type (CWE-125)
CVE-2024-22004 10.0

This vulnerability allows attackers with privileged access on Linux non-secure operating systems to ...

Same vulnerability type (CWE-125)
CVE-2021-21777 10.0

CVE-2021-21777 is a critical out-of-bounds read vulnerability in the Ethernet/IP UDP handler of OpEN...

Same vulnerability type (CWE-125)