CVE-2021-1802
📋 TL;DR
CVE-2021-1802 is a local privilege escalation vulnerability in macOS that allows an attacker with local access to gain elevated system privileges. This affects macOS Catalina and Mojave systems that haven't been updated. The vulnerability stems from improper state management that can be exploited to bypass security restrictions.
💻 Affected Systems
- macOS
📦 What is this software?
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →⚠️ Risk & Real-World Impact
Worst Case
An attacker gains full root/system privileges, enabling complete system compromise, data theft, persistence mechanisms, and lateral movement within the network.
Likely Case
Local user or malware gains administrative privileges to install persistent backdoors, access sensitive data, or modify system configurations.
If Mitigated
With proper patch management and least privilege principles, impact is limited to isolated systems where attackers already have local access.
🎯 Exploit Status
Requires local access and some technical knowledge to exploit. Apple has not disclosed specific exploitation details.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
Vendor Advisory: https://support.apple.com/en-us/HT212147
Restart Required: Yes
Instructions:
1. Open System Preferences > Software Update. 2. Install available security updates. 3. Restart the system when prompted. 4. Verify the update completed successfully.
🔧 Temporary Workarounds
Restrict local user privileges
allImplement least privilege by ensuring users only have necessary permissions and cannot execute arbitrary code.
🧯 If You Can't Patch
- Implement strict access controls to limit local user access to vulnerable systems
- Monitor for suspicious privilege escalation attempts using endpoint detection tools
🔍 How to Verify
Check if Vulnerable:
Check macOS version: System Preferences > About This Mac. If version is Catalina 10.15.7 or earlier or Mojave 10.14.6 or earlier, system is vulnerable.Check Version:
sw_versVerify Fix Applied:
Verify macOS version is Big Sur 11.2 or later, or has Security Update 2021-001 installed for Catalina/Mojave.📡 Detection & Monitoring
Log Indicators:
- Unexpected privilege escalation events in system logs
- Suspicious process creation with elevated privileges
Network Indicators:
- None - this is a local exploit
SIEM Query:
source="macos_system_logs" AND (event="privilege_escalation" OR process="sudo" OR user="root")