CVE-2021-30945

7.8 HIGH

📋 TL;DR

This is a local privilege escalation vulnerability in Apple operating systems that allows an attacker with existing local access to gain elevated privileges. It affects macOS, iOS, iPadOS, tvOS, and watchOS users running outdated versions. The vulnerability was addressed through improved security checks in Apple's software updates.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • tvOS
  • watchOS
Versions: prior to macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2, iPadOS 15.2, tvOS 15.2, watchOS 8.3
Operating Systems: Apple operating systems
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable; no specific settings are required for exploitation.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker gains root or system-level privileges, enabling complete compromise of the device, data theft, installation of persistent malware, or bypassing security controls.

🟠

Likely Case

A local user or malware escalates privileges to perform unauthorized actions, such as accessing sensitive files or modifying system settings.

🟢

If Mitigated

With proper patching, the risk is eliminated; without patching, impact is limited to attackers with initial local access, assuming other security controls like least privilege are enforced.

🌐 Internet-Facing: LOW, as this is a local vulnerability requiring prior access to the system, not directly exploitable over the internet.
🏢 Internal Only: MEDIUM, as internal attackers or malware with local access could exploit it to escalate privileges within the network.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: UNKNOWN

Exploitation requires local access; no public proof-of-concept or weaponization details are available from the provided references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2, iPadOS 15.2, watchOS 8.3

Vendor Advisory: https://support.apple.com/en-us/HT212975

Restart Required: Yes

Instructions:

1. Go to System Preferences > Software Update on macOS, or Settings > General > Software Update on iOS/iPadOS/tvOS/watchOS.
2. Install the available update.
3. Restart the device as prompted.

🧯 If You Can't Patch

  • Restrict local access to affected systems by enforcing strong authentication and least privilege principles.
  • Monitor for unusual privilege escalation activities using security tools and logs.

🔍 How to Verify

Check if Vulnerable:

Compare the current OS version against the patched versions listed under Official Fix above; anything older is vulnerable.

Check Version:

  • On macOS: sw_vers -productVersion
  • On iOS/iPadOS: Settings > General > About > Version
  • On tvOS: Settings > General > About > Version
  • On watchOS: Settings > General > About > Version

Verify Fix Applied:

Confirm the OS version matches or exceeds the patched versions after update installation.
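The following is an added example, not part of the advisory, that applies the version check above to sw_vers output on a Mac: it compares the productVersion string against the Big Sur 11.6.2 and Monterey 12.1 fix levels listed under Official Fix. Catalina is deliberately reported as unknown, because Security Update 2021-008 does not change the 10.15.x productVersion, and so are releases the advisory does not list.

```shell
#!/bin/sh
# Added example, not part of the advisory: classify a macOS productVersion
# string against the CVE-2021-30945 fix levels it lists
# (Big Sur 11.6.2, Monterey 12.1). Catalina received Security Update
# 2021-008, which leaves productVersion at 10.15.x, so that line cannot be
# judged from sw_vers alone and is reported as "unknown".

# vercmp A B: print -1, 0 or 1 for A<B, A=B, A>B on dotted numeric versions.
# Missing components count as 0 (12.1 equals 12.1.0); non-numeric parts error.
vercmp() {
    b=$2
    set -- $(printf '%s' "$1" | tr . ' ')
    a1=${1:-0}; a2=${2:-0}; a3=${3:-0}
    set -- $(printf '%s' "$b" | tr . ' ')
    b1=${1:-0}; b2=${2:-0}; b3=${3:-0}
    for pair in "$a1:$b1" "$a2:$b2" "$a3:$b3"; do
        x=${pair%%:*}; y=${pair#*:}
        if [ "$x" -lt "$y" ]; then echo -1; return; fi
        if [ "$x" -gt "$y" ]; then echo 1; return; fi
    done
    echo 0
}

# check_macos_version VERSION: print "patched", "vulnerable" or "unknown".
# Only the major lines the advisory names are judged; anything else
# (Catalina, or releases newer than Monterey) is left as "unknown".
check_macos_version() {
    case $1 in
        11|11.*) fixed=11.6.2 ;;   # Big Sur
        12|12.*) fixed=12.1 ;;     # Monterey
        *)       echo unknown; return ;;
    esac
    if [ "$(vercmp "$1" "$fixed")" -ge 0 ]; then
        echo patched
    else
        echo vulnerable
    fi
}

# On a Mac, classify the running system (sw_vers exists only on macOS).
if command -v sw_vers >/dev/null 2>&1; then
    check_macos_version "$(sw_vers -productVersion)"
fi
```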

📡 Detection & Monitoring

Log Indicators:

  • Look for unexpected privilege escalation events in system logs, such as sudo or su commands from unauthorized users.

Network Indicators:

  • Not applicable, as this is a local vulnerability with no direct network indicators.

SIEM Query:

Example: search for 'privilege escalation' or 'root access' events in Apple system logs, but specific queries depend on the SIEM and logging configuration.
