CVE-2021-30760

Description

An integer overflow was addressed through improved input validation. This issue is fixed in iOS 14.7, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7, Security Update 2021-005 Mojave, Security Update 2021-004 Catalina. Processing a maliciously crafted font file may lead to arbitrary code execution.

References

Link	Tags
https://support.apple.com/en-us/HT212601	vendor advisory
https://support.apple.com/en-us/HT212602	vendor advisory
https://support.apple.com/en-us/HT212605	vendor advisory
https://support.apple.com/en-us/HT212600	vendor advisory
https://support.apple.com/en-us/HT212603	vendor advisory
https://support.apple.com/en-us/HT212604	vendor advisory

Frequently Asked Questions

What is the severity of CVE-2021-30760?: CVE-2021-30760 has been scored as a high severity vulnerability.
How to fix CVE-2021-30760?: To fix CVE-2021-30760, make sure you are using an up-to-date version of the affected component(s) by checking the vendor release notes. As for now, there are no other specific guidelines available.
Is CVE-2021-30760 being actively exploited in the wild?: As for now, there are no information to confirm that CVE-2021-30760 is being actively exploited. According to its EPSS score, there is a ~0% probability that this vulnerability will be exploited by malicious actors in the next 30 days.
What software or system is affected by CVE-2021-30760?: CVE-2021-30760 affects Apple Security Update - Catalina, Apple iOS, Apple macOS, Apple macOS, Apple macOS, Apple macOS.

Description

Category

CWE-190 – Integer Overflow or Wraparound

References

Frequently Asked Questions