CVE-2021-30724

7.8 HIGH

📋 TL;DR

CVE-2021-30724 is a local privilege escalation vulnerability in Apple operating systems: an attacker who can already run code as a local user may be able to elevate their privileges. It affects macOS, iOS, iPadOS, tvOS and watchOS; any device running a version older than the fixes listed below is exposed.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • tvOS
  • watchOS
Versions: macOS Big Sur before 11.4; macOS Catalina without Security Update 2021-003; macOS Mojave without Security Update 2021-004; iOS and iPadOS before 14.6; tvOS before 14.6; watchOS before 7.5
Operating Systems: macOS, iOS, iPadOS, tvOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All standard installations of the affected releases are vulnerable; no non-default setting is required. Apple's advisory gives only a one-line description and no technical details of the vulnerable component.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker gains root/system-level access, potentially compromising the entire system, installing persistent malware, accessing all user data, and bypassing security controls.

🟠

Likely Case

Local attacker gains administrative privileges, installs unauthorized software, modifies system configurations, or accesses protected files and resources.

🟢

If Mitigated

Patched systems are not affected. There is no partial mitigation: an unpatched system remains exposed to local privilege escalation regardless of other controls.

🌐 Internet-Facing: LOW - This is a local privilege escalation vulnerability requiring local access to the system, not directly exploitable over the internet.
🏢 Internal Only: HIGH - Internal attackers with local access (including malicious insiders or compromised accounts) can exploit this to gain elevated privileges on affected systems.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires the ability to run code on the device as a local user (an interactive session, a malicious app, or an existing foothold from another exploit). Apple has not published technical details, so building an exploit requires reverse engineering the fix.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version:
  • macOS Big Sur 11.4
  • Security Update 2021-003 Catalina
  • Security Update 2021-004 Mojave
  • iOS 14.6 and iPadOS 14.6
  • tvOS 14.6
  • watchOS 7.5

Vendor Advisory: https://support.apple.com/en-us/HT212528

Restart Required: Yes

Instructions:

1. Open System Preferences (macOS) or Settings (iOS/iPadOS/tvOS). For watchOS, open the Watch app on the paired iPhone and go to My Watch > General > Software Update.
2. Navigate to Software Update. On Catalina and Mojave the fix is delivered as a Security Update in the same pane rather than as a new OS version.
3. Install the latest available update.
4. Restart the device when prompted.

🔧 Temporary Workarounds

No effective workarounds (all platforms)

Apple has not provided any workaround for this vulnerability, and none is known. Patching is the only effective mitigation.

🧯 If You Can't Patch

  • Restrict local access to affected systems through physical security and access controls
  • Implement strict user privilege management (principle of least privilege) to limit potential damage
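As an added example of the least-privilege control above (this script is not from Apple or from this page), the following audits the macOS admin group against an allowlist. On a real Mac the membership line comes from `dscl . -read /Groups/admin GroupMembership`, which prints `GroupMembership: root admin alice ...`; the function takes that line as text so it runs anywhere, and the allowlist and sample line below are constructed assumptions.

```shell
#!/bin/sh
# Added example: find admin-group members that are not on an allowlist.
# The allowlist is an assumption for an imaginary fleet; adjust per environment.
ALLOWED_ADMINS="root admin itops"

# $1 = the "GroupMembership: ..." line from `dscl . -read /Groups/admin GroupMembership`.
# Prints each member not in ALLOWED_ADMINS, one per line.
unexpected_admins() {
    members=${1#GroupMembership:}
    for m in $members; do
        found=0
        for a in $ALLOWED_ADMINS; do
            [ "$m" = "$a" ] && found=1
        done
        [ "$found" -eq 0 ] && echo "$m"
    done
    return 0
}

# Constructed sample line (not read from a real host).
SAMPLE_LINE='GroupMembership: root admin itops bob'

if command -v dscl >/dev/null 2>&1; then
    # Live audit on a Mac. To demote a flagged account afterwards:
    #   sudo dseditgroup -o edit -d "$user" -t user admin
    unexpected_admins "$(dscl . -read /Groups/admin GroupMembership)"
else
    unexpected_admins "$SAMPLE_LINE"
fi
```

Run it periodically (or from your MDM) and treat any output as a finding: every unexpected admin account is one more local user from whom an attacker needs no privilege escalation at all.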

🔍 How to Verify

Check if Vulnerable:

Compare the operating system version against the patched versions in the Apple advisory. If the version is older, the system is vulnerable. Note that macOS Catalina and Mojave keep their product version (10.15.7 / 10.14.6) after a Security Update, so on those releases check the install history for Security Update 2021-003 or 2021-004 rather than the version number alone.

Check Version:

  • macOS: sw_vers -productVersion (for Catalina/Mojave also softwareupdate --history, or system_profiler SPInstallHistoryDataType, to confirm the Security Update is installed)
  • iOS/iPadOS: Settings > General > About > Version
  • tvOS: Settings > General > About > Version
  • watchOS: Watch app on iPhone > General > About > Version

Verify Fix Applied:

Verify the operating system version matches or exceeds the patched version:
  • macOS Big Sur 11.4 or later
  • macOS Catalina with Security Update 2021-003 installed
  • macOS Mojave with Security Update 2021-004 installed
  • iOS/iPadOS 14.6 or later
  • tvOS 14.6 or later
  • watchOS 7.5 or later
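The macOS check above, as an added example that is not from Apple or from this page: it classifies a product version against the fixed releases in HT212528 and, for Catalina and Mojave, consults install-history text for the named Security Update. The history sample is constructed, and the script assumes the update's display name appears in `softwareupdate --history` output verbatim as the advisory lists it.

```shell
#!/bin/sh
# Added example: decide whether a macOS host is patched for CVE-2021-30724.
# Fixed releases per HT212528: Big Sur 11.4, Security Update 2021-003 (Catalina),
# Security Update 2021-004 (Mojave). Catalina and Mojave keep the same product
# version after a Security Update, so sw_vers alone cannot prove they are patched.

# Classify a product version string such as "11.3.1".
# Prints: patched | vulnerable | check-update:<update name> | unsupported
macos_status() {
    major=$(printf '%s' "$1" | cut -d. -f1)
    minor=$(printf '%s' "$1" | cut -s -d. -f2)
    minor=${minor:-0}
    case "$major" in
        ''|*[!0-9]*) echo unsupported; return 0 ;;   # not a version string
    esac
    case "$major" in
        10)
            case "$minor" in
                15) echo "check-update:Security Update 2021-003" ;;
                14) echo "check-update:Security Update 2021-004" ;;
                *)  echo unsupported ;;   # older than Mojave: Apple shipped no fix
            esac ;;
        11)
            if [ "$minor" -ge 4 ]; then echo patched; else echo vulnerable; fi ;;
        *)
            if [ "$major" -gt 11 ]; then echo patched; else echo unsupported; fi ;;
    esac
}

# Exit 0 if the update name ($1) appears in install-history text read from stdin.
# On a real host that text comes from `softwareupdate --history` or
# `system_profiler SPInstallHistoryDataType` (assumed to list the name verbatim).
history_has_update() {
    grep -Fq -- "$1"
}

# Combine both checks. $1 = product version, $2 = install-history text.
check_host() {
    status=$(macos_status "$1")
    case "$status" in
        check-update:*)
            if printf '%s\n' "$2" | history_has_update "${status#check-update:}"; then
                echo patched
            else
                echo vulnerable
            fi ;;
        *) echo "$status" ;;
    esac
}

# Constructed sample history for a Catalina host (not captured from a real machine).
SAMPLE_HISTORY='Display Name                  Version   Date
Safari                        14.1      2021-04-26, 17:03:11
Security Update 2021-003      10.15.7   2021-05-25, 09:12:40'

if command -v sw_vers >/dev/null 2>&1; then
    # Live check on a Mac.
    check_host "$(sw_vers -productVersion)" "$(softwareupdate --history 2>/dev/null)"
else
    # Elsewhere, exercise the logic on constructed inputs.
    check_host 11.3.1 ""
    check_host 10.15.7 "$SAMPLE_HISTORY"
fi
```

A fleet-wide check would run the `if` branch via MDM or SSH and collect the single word each host prints; "check-update" never reaches the output because `check_host` resolves it to patched or vulnerable from the history.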

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events, unauthorized process execution with elevated privileges, or security framework alerts

Network Indicators:

  • Not applicable - this is a local vulnerability

SIEM Query:

Not applicable - Apple has published no log signatures or indicators for this CVE, so there is no reliable query to distinguish exploitation from other local privilege escalation activity.
