CVE-2021-30919

7.8 HIGH

📋 TL;DR

This vulnerability allows arbitrary code execution through malicious PDF files due to an out-of-bounds write in Apple's PDF processing. It affects multiple Apple operating systems including iOS, iPadOS, macOS, tvOS, and watchOS. Attackers can exploit this by tricking users into opening specially crafted PDF documents.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
  • tvOS
  • watchOS
Versions: Before iOS 15.1, iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1, iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1
Operating Systems: Apple iOS, Apple iPadOS, Apple macOS, Apple tvOS, Apple watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations with PDF viewing capabilities are vulnerable. The vulnerability is in the PDF processing component.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with attacker gaining full control of the device, enabling data theft, surveillance, or ransomware deployment.

🟠

Likely Case

Targeted attacks against specific individuals or organizations using malicious PDF attachments or downloads leading to data exfiltration.

🟢

If Mitigated

No impact if systems are fully patched or if PDF processing is blocked through security controls.

🌐 Internet-Facing: MEDIUM - Requires user interaction to open malicious PDF, but PDFs are commonly shared via email and web.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or shared documents containing malicious PDFs.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction to open malicious PDF but no authentication. No public proof-of-concept has been disclosed.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 15.1, iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1, iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1

Vendor Advisory: https://support.apple.com/en-us/HT212867

Restart Required: Yes

Instructions:

1. On iOS/iPadOS/watchOS, go to Settings > General > Software Update.
2. On macOS, go to System Preferences > Software Update.
3. Install the latest available update.
4. Restart the device after installation.

🔧 Temporary Workarounds

Block PDF file processing (Platform: all)

Use endpoint protection or content filtering to block PDF files from untrusted sources.

Disable automatic PDF opening (Platform: all)

Configure browsers and email clients to not automatically open PDF files.

🧯 If You Can't Patch

  • Implement application allowlisting to prevent unauthorized PDF viewers
  • Use network segmentation to isolate vulnerable devices from critical resources

🔍 How to Verify

Check if Vulnerable:

Check the operating system version against the affected versions listed in the Apple security advisories.

Check Version:

iOS/iPadOS/watchOS: Settings > General > About > Version.
macOS: Apple menu > About This Mac > macOS version.

Verify Fix Applied:

Verify the device is running one of the patched versions: iOS 15.1+, iPadOS 15.1+, macOS Monterey 12.0.1+, iOS 14.8.1+, iPadOS 14.8.1+, tvOS 15.1+, watchOS 8.1+, or has Security Update 2021-007 Catalina/macOS Big Sur 11.6.1+.
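The macOS part of this check can be scripted. The following POSIX sh script is an added example, not from this page or from Apple: it compares a macOS product version string against the fixed versions listed above (Monterey 12.0.1, Big Sur 11.6.1) using numeric per-component comparison. Catalina (10.15) is fixed only by Security Update 2021-007, which `sw_vers` does not reveal, so it is reported as needing a manual check of the update history. Treating major versions newer than 12 as containing the fix is an assumption made here, as is the whole function naming.

```shell
#!/bin/sh
# Added example (not from the advisory page or Apple): classify a macOS
# product version against the CVE-2021-30919 fixed versions the page lists.

# version_ge A B: succeed when dotted version A >= B, comparing each
# numeric component in turn; missing components count as 0.
version_ge() {
    a="$1."; b="$2."
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; a=${a#*.}
        y=${b%%.*}; b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
    done
    return 0
}

# cve_2021_30919_status VERSION: print one of
#   patched | vulnerable | needs_manual_check | unsupported_or_unknown
# Thresholds come from the advisory: Monterey 12.0.1, Big Sur 11.6.1.
cve_2021_30919_status() {
    v="$1"
    major=${v%%.*}
    case "$major" in
        12) if version_ge "$v" "12.0.1"; then echo patched; else echo vulnerable; fi ;;
        11) if version_ge "$v" "11.6.1"; then echo patched; else echo vulnerable; fi ;;
        10) # Catalina is 10.15.x; the fix ships as Security Update 2021-007,
            # which the product version does not reflect, so ask for a manual
            # look at System Preferences > Software Update > update history.
            case "$v" in
                10.15*) echo needs_manual_check ;;
                *) echo unsupported_or_unknown ;;
            esac ;;
        *)  # Assumption: releases after Monterey include the fix.
            if [ "$major" -gt 12 ] 2>/dev/null; then
                echo patched
            else
                echo unsupported_or_unknown
            fi ;;
    esac
}

# When run on a Mac, check the local machine; elsewhere do nothing.
if [ "$(uname -s 2>/dev/null)" = Darwin ] && command -v sw_vers >/dev/null 2>&1; then
    ver=$(sw_vers -productVersion)
    echo "macOS $ver: $(cve_2021_30919_status "$ver")"
fi
```

Run it directly on a Mac to print the local verdict, or source it and call `cve_2021_30919_status` with version strings collected from an inventory system. A `vulnerable` result on a Monterey or Big Sur host means the Software Update steps above still need to be applied.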

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes related to PDF processing
  • Unusual PDF file access from unexpected applications

Network Indicators:

  • Downloads of PDF files from suspicious sources
  • Outbound connections after PDF file opening

SIEM Query:

source="*" (event="process_crash" AND process_name="*pdf*") OR (file_type="pdf" AND source_ip="suspicious_ip")
