CVE-2021-30969

7.8 HIGH

📋 TL;DR

This macOS vulnerability allows malicious URLs to trigger unexpected JavaScript execution from local files. Attackers could potentially execute arbitrary code by tricking users into opening specially crafted URLs. Affects macOS Catalina and Big Sur users who haven't applied security updates.

💻 Affected Systems

Products:
  • macOS
Versions: macOS Catalina and macOS Big Sur prior to security updates
Operating Systems: macOS
Default Config Vulnerable: ⚠️ Yes
Notes: Affects default browser configurations; requires user interaction with malicious URL


⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to full system compromise, data theft, or malware installation
🟠 Likely Case: Limited JavaScript execution in browser context, potentially stealing session cookies or performing actions on behalf of user
🟢 If Mitigated: No impact if patched or if user avoids clicking suspicious URLs

🌐 Internet-Facing: MEDIUM - Requires user interaction with malicious URL but can be delivered via email, messaging, or compromised websites
🏢 Internal Only: LOW - Still requires user interaction; internal systems less likely to host malicious URLs

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Requires social engineering to deliver malicious URL; Apple has not disclosed technical details

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Security Update 2021-008 for Catalina, macOS Big Sur 11.6.2

Vendor Advisory: https://support.apple.com/en-us/HT212979

Restart Required: Yes

Instructions:

1. Open System Preferences > Software Update
2. Install Security Update 2021-008 (Catalina) or macOS Big Sur 11.6.2
3. Restart computer when prompted

🔧 Temporary Workarounds

  • URL validation browser extension (all): Install browser extensions that validate URLs before loading
  • Disable automatic URL handling (all): Configure browser to prompt before opening URLs from external applications

🧯 If You Can't Patch

  • Educate users to avoid clicking suspicious URLs, especially from untrusted sources
  • Implement web filtering to block known malicious domains and URL patterns

🔍 How to Verify

Check if Vulnerable:

Check macOS version: Catalina users without Security Update 2021-008 or Big Sur users below 11.6.2 are vulnerable

Check Version:

sw_vers

Verify Fix Applied:

Verify macOS version shows Catalina with Security Update 2021-008 or Big Sur 11.6.2 or higher
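
The version check above as a script, added here as an example (not Apple's or this page's own code). The function name `classify_macos` and its verdict strings are assumptions. Catalina stays at the same 10.15.x version number when a Security Update is installed, so for Catalina the script only flags that Security Update 2021-008 must be confirmed separately.

```shell
#!/bin/sh
# Added example: classify a macOS ProductVersion string against the fixed
# versions named on this page for CVE-2021-30969.
# classify_macos and its verdict strings are hypothetical names.
classify_macos() {
    ver=$1
    # Reject anything that is not dotted decimal (empty input, stray text).
    case $ver in
        ''|*[!0-9.]*|.*|*.|*..*) echo "unparseable"; return 0 ;;
    esac
    # Split into major.minor.patch; missing components count as 0.
    old_ifs=$IFS; IFS=.
    set -- $ver
    IFS=$old_ifs
    major=${1:-0}; minor=${2:-0}; patch=${3:-0}

    if [ "$major" -eq 10 ] && [ "$minor" -eq 15 ]; then
        # Catalina: the version number does not change with a Security
        # Update, so 2021-008 has to be confirmed in Software Update.
        echo "catalina-check-security-update"
    elif [ "$major" -eq 11 ]; then
        # Big Sur: anything below 11.6.2 is missing the fix.
        if [ "$minor" -lt 6 ] || { [ "$minor" -eq 6 ] && [ "$patch" -lt 2 ]; }; then
            echo "vulnerable"
        else
            echo "patched"
        fi
    else
        # This page only lists Catalina and Big Sur.
        echo "not-listed"
    fi
}

# On a Mac, classify the running system; elsewhere this is skipped.
if command -v sw_vers >/dev/null 2>&1; then
    classify_macos "$(sw_vers -productVersion)"
fi
```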

📡 Detection & Monitoring

Log Indicators:

  • Browser logs showing unexpected file:// URL access
  • Console logs with JavaScript execution errors from local files

Network Indicators:

  • Unusual outbound connections following URL clicks
  • DNS requests for suspicious domains

SIEM Query:

source="browser.logs" AND (url="file://*" OR javascript_execution="local_file")
