Login Sign Up

CVE-2021-30995

7.0 HIGH

📋 TL;DR

This CVE describes a race condition vulnerability in Apple operating systems that allows malicious applications to elevate privileges. It affects macOS, iOS, iPadOS, tvOS, and watchOS. Attackers could exploit this to gain higher privileges than intended.

💻 Affected Systems

Products:
  • macOS
  • iOS
  • iPadOS
  • tvOS
  • watchOS
Versions: Versions prior to macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2, iPadOS 15.2, tvOS 15.2, watchOS 8.3
Operating Systems: macOS, iOS, iPadOS, tvOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Apple operating systems are vulnerable until patched.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with root/admin privileges, allowing installation of persistent malware, data theft, and complete control of affected devices.

🟠

Likely Case

Local privilege escalation allowing malicious apps to bypass sandbox restrictions and access sensitive data or system resources.

🟢

If Mitigated

Minimal impact if devices are fully patched and running with least privilege principles.

🌐 Internet-Facing: LOW - This is primarily a local privilege escalation requiring malicious application execution.
🏢 Internal Only: MEDIUM - Insider threats or compromised user accounts could exploit this to escalate privileges within the environment.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires a malicious application to be installed and executed on the target device. Race conditions can be challenging to reliably exploit.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Big Sur 11.6.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2, iPadOS 15.2, tvOS 15.2, watchOS 8.3

Vendor Advisory: https://support.apple.com/en-us/HT212975

Restart Required: Yes

Instructions:

1. Open System Preferences > Software Update on macOS or Settings > General > Software Update on iOS/iPadOS. 2. Download and install the latest security update. 3. Restart the device when prompted.

🔧 Temporary Workarounds

Application Whitelisting

all

Restrict installation and execution of untrusted applications to prevent malicious apps from exploiting the vulnerability.

User Privilege Reduction

all

Run users with standard/non-admin privileges to limit the impact of privilege escalation.

🧯 If You Can't Patch

  • Implement strict application control policies to prevent installation of untrusted software
  • Use mobile device management (MDM) solutions to enforce security policies and monitor for suspicious activity

🔍 How to Verify

Check if Vulnerable:

Check the operating system version against the patched versions listed in the fix section.

Check Version:

On macOS: sw_vers -productVersion. On iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify the device is running one of the patched versions: macOS Big Sur 11.6.2+, macOS Monterey 12.1+, iOS 15.2+, iPadOS 15.2+, tvOS 15.2+, watchOS 8.3+

📡 Detection & Monitoring

Log Indicators:

  • Unexpected privilege escalation events
  • Suspicious application installation or execution
  • System integrity protection (SIP) violations

Network Indicators:

  • Unusual outbound connections from system processes
  • Communication with known malicious domains

SIEM Query:

source="apple_system_logs" AND (event="privilege_escalation" OR process="malicious_app")

📊 Metadata

CVE ID: CVE-2021-30995
CVSS v3 Score: 7.0 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-362
Published: August 24, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-30995, you might also want to check these:

CVE-2025-43275 9.8

A race condition vulnerability in macOS allows malicious applications to escape their sandbox restri...

Same vulnerability type (CWE-362)
CVE-2021-32810 9.8

A race condition in crossbeam-deque Rust library versions before 0.7.4 and 0.8.0 allows tasks in wor...

Same vulnerability type (CWE-362)
CVE-2025-30444 9.8

A race condition vulnerability in macOS SMB client allows attackers to cause system termination (ker...

Same vulnerability type (CWE-362)