CVE-2021-30939

7.8 HIGH

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code by tricking users into processing maliciously crafted images. It affects Apple devices running outdated macOS, iOS, iPadOS, tvOS, and watchOS versions. Successful exploitation could give attackers full control of affected devices.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • tvOS
  • watchOS
Versions: Versions prior to macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2, iPadOS 15.2, tvOS 15.2, watchOS 8.3
Operating Systems: macOS, iOS, iPadOS, tvOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. The vulnerability exists in image processing components.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system compromise leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case

Malware installation through malicious images in messages, emails, or websites, potentially leading to credential theft or surveillance.

🟢 If Mitigated

Limited impact if devices are patched, images are processed in sandboxed environments, or user interaction is required.

🌐 Internet-Facing: MEDIUM
🏢 Internal Only: LOW

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user interaction to process malicious images. No public exploit code is known.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2, iPadOS 15.2, tvOS 15.2, watchOS 8.3

Vendor Advisory: https://support.apple.com/en-us/HT212975

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS/tvOS.
2. On macOS, go to System Preferences > Software Update.
3. Install the latest available update.
4. Restart the device when prompted.

🔧 Temporary Workarounds

Disable automatic image processing (platform: all)

Configure email clients and browsers to not automatically download or process images from untrusted sources.

Use application sandboxing (platform: macOS)

Ensure image processing applications run in sandboxed environments where possible.

🧯 If You Can't Patch

  • Restrict image file processing from untrusted sources
  • Implement network segmentation to isolate vulnerable devices

🔍 How to Verify

Check if Vulnerable:

Check system version against affected versions list. On macOS: System Information > Software > System Version. On iOS/iPadOS: Settings > General > About > Version.

Check Version:

macOS: sw_vers -productVersion; iOS/iPadOS: Settings > General > About > Version (no command line)

Verify Fix Applied:

Verify that the system version matches or exceeds the patched versions listed under Official Fix.
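
The macOS version check described above, as an added shell example (not part of the original page or any Apple tooling); the function names and status strings are assumptions made here. Catalina is reported as needing a manual check because the page identifies its fix only as Security Update 2021-008, which `sw_vers -productVersion` does not reveal.

```sh
#!/bin/sh
# Added example: classify a macOS version string against the patched
# releases this page lists for CVE-2021-30939 (11.6.2, 12.1, and
# Security Update 2021-008 for Catalina).

# Split "11.6.2" into MAJ/MIN/PAT; missing fields default to 0.
split_ver() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    MAJ=${1:-0}; MIN=${2:-0}; PAT=${3:-0}
}

# Print one of: patched, vulnerable, check-security-update,
# no-fix-listed, invalid.
classify_macos() {
    case $1 in
        ''|*[!0-9.]*) echo "invalid"; return ;;
    esac
    split_ver "$1"
    if [ "$MAJ" -ge 13 ]; then
        # Assumption: major releases after Monterey postdate the 12.1 fix.
        echo "patched"
    elif [ "$MAJ" -eq 12 ]; then
        if [ "$MIN" -ge 1 ]; then echo "patched"; else echo "vulnerable"; fi
    elif [ "$MAJ" -eq 11 ]; then
        if [ "$MIN" -gt 6 ] || { [ "$MIN" -eq 6 ] && [ "$PAT" -ge 2 ]; }; then
            echo "patched"
        else
            echo "vulnerable"
        fi
    elif [ "$MAJ" -eq 10 ] && [ "$MIN" -eq 15 ]; then
        # The product version does not change with a Security Update;
        # confirm Security Update 2021-008 in the installed-updates list.
        echo "check-security-update"
    else
        # Older releases have no patched version listed on this page.
        echo "no-fix-listed"
    fi
}

# On a Mac, classify the running system; elsewhere this is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    classify_macos "$(sw_vers -productVersion)"
fi
```

For fleet use, feed `classify_macos` the version strings exported from an inventory or MDM report instead of the local `sw_vers` output.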

📡 Detection & Monitoring

Log Indicators:

  • Unexpected process crashes in image processing applications
  • Suspicious file access patterns to image files

Network Indicators:

  • Unusual outbound connections from image processing applications
  • Downloads of suspicious image files

SIEM Query:

Process: (name: Preview OR name: Photos OR name: Safari) AND EventID: 1000 (Application Crash)
