Back to KEVs

CVE-2021-30657

A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A...

Basic Information

CVE State
PUBLISHED
Reserved Date
April 13, 2021
Published Date
September 08, 2021
Last Updated
January 29, 2025
Vendor
Apple
Product
macOS
Description
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited..
Tags
macos cisa metasploit_scanner

CVSS Scores

CVSS v3.1

5.5 - MEDIUM

Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

CVSS v2.0

4.3

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

SSVC Information

Exploitation
active
Technical Impact
partial

Exploit Status

Exploited in the Wild
Yes (2021-11-03 00:00:00 UTC) Source
Proof of Concept Available
Yes (added 2021-11-07 18:33:35 UTC) Source

References

https://support.apple.com/en-us/HT212325 https://support.apple.com/en-us/HT212326

Known Exploited Vulnerability Information

Source Added Date
CISA 2021-11-03 00:00:00 UTC

Scanner Integrations

Scanner URL Date Detected
Metasploit https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/osx/browser/osx_gatekeeper_bypass.rb 2025-04-29 11:01:26 UTC

Potential Proof of Concepts

Warning: These PoCs have not been tested and could contain malware. Use at your own risk.

shubham0d/CVE-2021-30657

Type: github • Created: 2021-11-07 18:33:35 UTC • Stars: 31

A sample POC for CVE-2021-30657 affecting MacOS

Timeline

  • CVE ID Reserved

  • CVE Published to Public

  • Added to KEVIntel

  • Proof of Concept Exploit Available

  • Detected by Metasploit