CVE-2021-31010
A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8...
Basic Information
- CVE State
- PUBLISHED
- Reserved Date
- April 13, 2021
- Published Date
- August 24, 2021
- Last Updated
- January 29, 2025
- Vendor
- Apple
- Product
- macOS, watchOS
- Description
- A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release..
CVSS Scores
CVSS v3.1
7.5 - HIGH
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
SSVC Information
- Exploitation
- active
- Automatable
- Yes
- Technical Impact
- partial
Exploit Status
- Exploited in the Wild
- Yes (added 2022-08-25 00:00:00 UTC) Source
References
Known Exploited Vulnerability Information
| Source | Added Date |
|---|---|
| CISA | 2022-08-25 00:00:00 UTC |