CVE-2021-30879
📋 TL;DR
This vulnerability allows attackers to read memory outside intended boundaries when processing malicious AppleScript binary files. It affects macOS systems running vulnerable versions, potentially leading to application crashes or memory disclosure. Users of macOS Catalina, Big Sur, and Monterey before specific security updates are at risk.
💻 Affected Systems
- macOS
📦 What is this software?
Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →Macos by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
Learn more about Macos →⚠️ Risk & Real-World Impact
Worst Case
Memory disclosure could expose sensitive information like passwords, encryption keys, or other process data to attackers.
Likely Case
Application crashes (denial of service) when processing malicious AppleScript files, potentially disrupting workflows.
If Mitigated
With proper patching, no impact as the vulnerability is fully addressed.
🎯 Exploit Status
Exploitation requires user interaction to process malicious AppleScript files. No public exploit code is known.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: macOS Monterey 12.0.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1
Vendor Advisory: https://support.apple.com/en-us/HT212869
Restart Required: Yes
Instructions:
1. Open System Preferences > Software Update. 2. Install available security updates. 3. Restart the system when prompted.
🔧 Temporary Workarounds
Disable AppleScript execution
allPrevent AppleScript binary files from executing to mitigate the vulnerability
chmod -x /usr/bin/osascript
🧯 If You Can't Patch
- Restrict user permissions to prevent execution of untrusted AppleScript files
- Implement application whitelisting to block unauthorized AppleScript execution
🔍 How to Verify
Check if Vulnerable:
Check macOS version in System Preferences > About This Mac. If running Catalina, Big Sur, or Monterey without the specified security updates, the system is vulnerable.Check Version:
sw_versVerify Fix Applied:
Verify macOS version matches patched versions: Monterey 12.0.1+, Catalina with Security Update 2021-007, or Big Sur 11.6.1+.📡 Detection & Monitoring
Log Indicators:
- Application crashes related to osascript or AppleScript processes
- Unexpected memory access errors in system logs
Network Indicators:
- Unusual file downloads with .scpt or .applescript extensions
SIEM Query:
source="macos" AND (process="osascript" AND event="crash") OR (file_extension IN (".scpt", ".applescript") AND action="execute")