CVE-2021-30772
📋 TL;DR
A privilege escalation vulnerability in macOS allows malicious applications to gain root privileges. This affects macOS Big Sur systems before version 11.5. Users who install untrusted applications are at risk.
💻 Affected Systems
- macOS
📦 What is this software?
macOS by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise with root-level access, allowing attackers to install persistent malware, access all user data, and modify system files.
Likely Case
Local privilege escalation where a malicious application gains elevated privileges to perform unauthorized actions on the system.
If Mitigated
Limited impact with proper application vetting and security controls in place, though the vulnerability still exists in unpatched systems.
🎯 Exploit Status
Requires user to install and execute malicious application. Apple has addressed this with improved checks.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: macOS Big Sur 11.5
Vendor Advisory: https://support.apple.com/en-us/HT212602
Restart Required: Yes
Instructions:
1. Open System Preferences > Software Update.
2. Install the macOS Big Sur 11.5 update.
3. Restart the system when prompted.
🔧 Temporary Workarounds
Application Restriction
Only install applications from trusted sources like the Mac App Store or identified developers.
🧯 If You Can't Patch
- Implement strict application control policies to prevent installation of untrusted applications
- Use endpoint protection software that can detect and block privilege escalation attempts
🔍 How to Verify
Check if Vulnerable:
Check macOS version: If running macOS Big Sur and version is less than 11.5, system is vulnerable.
Check Version:
sw_vers
Verify Fix Applied:
Verify macOS version is 11.5 or later after applying the update.
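The version check above can be scripted for fleet audits. The following is an added example, not part of the original advisory: the function name check_cve_2021_30772 is hypothetical, it relies only on the page's statement that Big Sur before 11.5 is affected, and it reports 10.16 as unknown because Big Sur can present that number in version-compatibility mode.

```shell
#!/bin/sh
# Added example: classify a macOS product version against the fixed
# release named on this page (macOS Big Sur 11.5).
# check_cve_2021_30772 is a hypothetical helper name.
# Prints one of: vulnerable | patched | out-of-scope | unknown

check_cve_2021_30772() {
    ver=$1
    # Accept only dotted numeric versions such as 11.4 or 11.5.2
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo unknown; return 0 ;;
    esac

    major=${ver%%.*}
    rest=${ver#*.}
    if [ "$rest" = "$ver" ]; then
        minor=0            # "11" with no minor component is 11.0
    else
        minor=${rest%%.*}
    fi

    # Big Sur can report 10.16 in compatibility mode, which hides
    # the real 11.x version, so no verdict is possible from it.
    if [ "$major" -eq 10 ] && [ "$minor" -eq 16 ]; then
        echo unknown
    # The page scopes the issue to Big Sur (major version 11) only.
    elif [ "$major" -ne 11 ]; then
        echo out-of-scope
    elif [ "$minor" -lt 5 ]; then
        echo vulnerable
    else
        echo patched
    fi
}

# On a Mac, read the installed version; elsewhere this is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    check_cve_2021_30772 "$(sw_vers -productVersion)"
fi
```

An "out-of-scope" result means only that this page makes no claim about that release; consult the vendor advisory for other macOS versions.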
📡 Detection & Monitoring
Log Indicators:
- Unexpected privilege escalation events in system logs
- Applications requesting root privileges unexpectedly
Network Indicators:
- Not applicable - local privilege escalation
SIEM Query:
Not applicable for this local vulnerability