Login Sign Up

CVE-2021-30736

7.8 HIGH
Remote Code Execution Buffer Overflow

📋 TL;DR

This is a kernel-level buffer overflow vulnerability in Apple operating systems that allows malicious applications to execute arbitrary code with kernel privileges. It affects macOS, iOS, iPadOS, tvOS, and watchOS. Successful exploitation gives attackers complete control over affected devices.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • tvOS
  • watchOS
Versions: Versions prior to macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6, iPadOS 14.6
Operating Systems: macOS, iOS, iPadOS, tvOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. Requires malicious application execution.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with kernel-level persistence, data theft, and ability to bypass all security controls.

🟠

Likely Case

Malicious app gains full system access, installs backdoors, and steals sensitive data.

🟢

If Mitigated

Limited to sandboxed app compromise if proper app vetting and isolation are in place.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: HIGH

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Requires user to install/execute malicious application. No public exploit code available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Big Sur 11.4, tvOS 14.6, watchOS 7.5, iOS 14.6, iPadOS 14.6

Vendor Advisory: https://support.apple.com/en-us/HT212528

Restart Required: Yes

Instructions:

1. Open System Preferences > Software Update. 2. Install available updates. 3. Restart device when prompted.

🔧 Temporary Workarounds

Application Restriction

all

Restrict installation of untrusted applications to prevent exploitation.

🧯 If You Can't Patch

  • Implement strict application allowlisting to prevent untrusted app execution.
  • Isolate vulnerable devices from critical networks and data.

🔍 How to Verify

Check if Vulnerable:

Check OS version in System Preferences > About This Mac (macOS) or Settings > General > About (iOS/iPadOS).

Check Version:

sw_vers (macOS) or Settings > General > About > Version (iOS/iPadOS)

Verify Fix Applied:

Verify OS version is equal to or newer than patched versions listed above.

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel panics
  • Suspicious application installations
  • Unusual privilege escalation attempts

Network Indicators:

  • Unusual outbound connections from system processes
  • Command and control traffic from kernel space

SIEM Query:

source="kernel" AND (event="panic" OR event="buffer_overflow")

📊 Metadata

CVE ID: CVE-2021-30736
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-120
Published: September 8, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-30736, you might also want to check these:

CVE-2023-24482 10.0

This CVE describes a critical buffer overflow vulnerability in COMOS software's cache validation ser...

Same vulnerability type (CWE-120)
CVE-2024-22039 10.0

This vulnerability allows unauthenticated remote attackers to execute arbitrary code with root privi...

Same vulnerability type (CWE-120)
CVE-2022-22570 10.0

A buffer overflow vulnerability in UniFi Door Access Reader Lite firmware allows attackers with netw...

Same vulnerability type (CWE-120)