What is CVE-2021-30681?

CVE-2021-30681 is a validation issue in the handling of symlinks in Core Services on Apple watchOS 7.5, macOS Big Sur 11.4, Mojave, iOS 14.6, iPadOS 14.6, and Catalina.

How does CVE-2021-30681 affect Apple devices?

CVE-2021-30681 affects Apple watchOS 7.5, macOS Big Sur 11.4, Mojave, iOS 14.6, iPadOS 14.6, and Catalina.

What is the severity of CVE-2021-30681?

The severity of CVE-2021-30681 is not specified.

How can I fix CVE-2021-30681?

To fix CVE-2021-30681, update to the latest version of Apple watchOS, macOS Big Sur, Mojave, iOS, iPadOS, or Catalina.

Where can I find more information about CVE-2021-30681?

More information about CVE-2021-30681 can be found on the Apple support website.

Vulnerability/
CVE-2021-30681

critical

9.3

CWE

24/5/2021

8/9/2021

3/8/2024

CVE-2021-30681: Input Validation

First published: Mon May 24 2021(Updated: )

Core Services. A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

Credit: Zhongcheng Li (CK01) Zhongcheng Li (CK01) Zhongcheng Li (CK01) Zhongcheng Li (CK01) Zhongcheng Li (CK01) product-security@apple.com

Affected Software	Affected Version	How to fix
Apple macOS	<11.4	11.4
macOS Catalina
macOS Mojave
Apple iOS, iPadOS, and watchOS	<14.6	14.6
Apple iOS, iPadOS, and watchOS	<14.6	14.6
Apple iOS, iPadOS, and watchOS	<7.5	7.5
Apple iOS, iPadOS, and watchOS	<14.6
iOS	<14.6
Apple iOS and macOS	>=10.14<=10.14.5
Apple iOS and macOS	>=10.15<=10.15.6
Apple iOS and macOS	=10.14.6
Apple iOS and macOS	=10.14.6-security_update_2019-001
Apple iOS and macOS	=10.14.6-security_update_2019-002
Apple iOS and macOS	=10.14.6-security_update_2019-004
Apple iOS and macOS	=10.14.6-security_update_2019-005
Apple iOS and macOS	=10.14.6-security_update_2019-006
Apple iOS and macOS	=10.14.6-security_update_2019-007
Apple iOS and macOS	=10.14.6-security_update_2020-001
Apple iOS and macOS	=10.14.6-security_update_2020-002
Apple iOS and macOS	=10.14.6-security_update_2020-003
Apple iOS and macOS	=10.14.6-security_update_2020-004
Apple iOS and macOS	=10.14.6-security_update_2020-005
Apple iOS and macOS	=10.14.6-security_update_2020-006
Apple iOS and macOS	=10.14.6-security_update_2020-007
Apple iOS and macOS	=10.14.6-security_update_2021-001
Apple iOS and macOS	=10.14.6-security_update_2021-002
Apple iOS and macOS	=10.14.6-security_update_2021-003
Apple iOS and macOS	=10.14.6-supplemental_update
Apple iOS and macOS	=10.14.6-supplemental_update_2
Apple iOS and macOS	=10.15.7
Apple iOS and macOS	=10.15.7-security_update_2020
Apple iOS and macOS	=10.15.7-security_update_2020-001
Apple iOS and macOS	=10.15.7-security_update_2020-005
Apple iOS and macOS	=10.15.7-security_update_2020-007
Apple iOS and macOS	=10.15.7-security_update_2021-001
Apple iOS and macOS	=10.15.7-security_update_2021-002
Apple iOS and macOS	=10.15.7-supplemental_update
Apple iOS and macOS	>=11.0<11.4
Apple iOS, iPadOS, and watchOS	<7.5

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT212528 (Advisory)
https://support.apple.com/en-us/HT212529 (Advisory)
https://support.apple.com/en-us/HT212530 (Advisory)
https://support.apple.com/en-us/HT212531 (Advisory)
https://support.apple.com/en-us/HT212533 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2021-30678
CVE-2021-30676
CVE-2021-30688
CVE-2021-30669
CVE-2021-30707
CVE-2021-30685
CVE-2021-30672
CVE-2021-30681
CVE-2021-30686
CVE-2021-30733
CVE-2021-30753
CVE-2021-30727
CVE-2021-30724
CVE-2021-30673
CVE-2021-30771
CVE-2021-30755
CVE-2021-30684
CVE-2021-30735
CVE-2021-30697
CVE-2021-30710
CVE-2021-30683
CVE-2021-30687
CVE-2021-30700
CVE-2021-30701
CVE-2021-30705
CVE-2021-30706
CVE-2021-30719
CVE-2021-30728
CVE-2021-30726
CVE-2021-30731
CVE-2021-30740
CVE-2021-30704
CVE-2021-30715
CVE-2021-30736
CVE-2021-30739
CVE-2021-30703
CVE-2021-30680
CVE-2021-30677
CVE-2021-30702
CVE-2021-30696
CVE-2021-30756
CVE-2021-30723
CVE-2021-30691
CVE-2021-30692
CVE-2021-30694
CVE-2021-30725
CVE-2021-30746
CVE-2021-30693
CVE-2021-30695
CVE-2021-30708
CVE-2021-30709
CVE-2021-30679
CVE-2020-36226
CVE-2020-36227
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36221
CVE-2020-36228
CVE-2020-36222
CVE-2020-36230
CVE-2020-36229
CVE-2021-30738
CVE-2021-30751
CVE-2021-30737
CVE-2021-30716
CVE-2021-30717
CVE-2021-30721
CVE-2021-30722
CVE-2021-30712
CVE-2021-30668
CVE-2021-30718
CVE-2021-30671
CVE-2021-30713
CVE-2021-30744
CVE-2021-21779
CVE-2021-30682
CVE-2021-30689
CVE-2021-30749
CVE-2021-30734
CVE-2021-30720
CVE-2021-23841
CVE-2021-30698
CVE-2020-29629
CVE-2021-1884
CVE-2021-1883
CVE-2021-30743
CVE-2021-30819
CVE-2021-30690
CVE-2021-30714
CVE-2021-30729
CVE-2021-30674
CVE-2021-30741
CVE-2021-1821
CVE-2021-30699
CVE-2021-30999
CVE-2021-30667

Frequently Asked Questions

What is CVE-2021-30681?
CVE-2021-30681 is a validation issue in the handling of symlinks in Core Services on Apple watchOS 7.5, macOS Big Sur 11.4, Mojave, iOS 14.6, iPadOS 14.6, and Catalina.
How does CVE-2021-30681 affect Apple devices?
CVE-2021-30681 affects Apple watchOS 7.5, macOS Big Sur 11.4, Mojave, iOS 14.6, iPadOS 14.6, and Catalina.
What is the severity of CVE-2021-30681?
The severity of CVE-2021-30681 is not specified.
How can I fix CVE-2021-30681?
To fix CVE-2021-30681, update to the latest version of Apple watchOS, macOS Big Sur, Mojave, iOS, iPadOS, or Catalina.
Where can I find more information about CVE-2021-30681?
More information about CVE-2021-30681 can be found on the Apple support website.

agent/type
agent/first-publish-date
agent/author
agent/references
agent/weakness
agent/severity
agent/description
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
collector/apple-support
agent/software-canonical-lookup-request
agent/softwarecombine
agent/tags
collector/nvd-index
vendor/apple
canonical/apple macos
canonical/macos catalina
canonical/macos mojave
canonical/apple ios, ipados, and watchos
canonical/ios
canonical/apple ios and macos
version/apple ios and macos/10.14
version/apple ios and macos/10.14.5
version/apple ios and macos/10.15
version/apple ios and macos/10.15.6
version/apple ios and macos/10.14.6
version/apple ios and macos/10.14.6-security_update_2019-001
version/apple ios and macos/10.14.6-security_update_2019-002
version/apple ios and macos/10.14.6-security_update_2019-004
version/apple ios and macos/10.14.6-security_update_2019-005
version/apple ios and macos/10.14.6-security_update_2019-006
version/apple ios and macos/10.14.6-security_update_2019-007
version/apple ios and macos/10.14.6-security_update_2020-001
version/apple ios and macos/10.14.6-security_update_2020-002
version/apple ios and macos/10.14.6-security_update_2020-003
version/apple ios and macos/10.14.6-security_update_2020-004
version/apple ios and macos/10.14.6-security_update_2020-005
version/apple ios and macos/10.14.6-security_update_2020-006
version/apple ios and macos/10.14.6-security_update_2020-007
version/apple ios and macos/10.14.6-security_update_2021-001
version/apple ios and macos/10.14.6-security_update_2021-002
version/apple ios and macos/10.14.6-security_update_2021-003
version/apple ios and macos/10.14.6-supplemental_update
version/apple ios and macos/10.14.6-supplemental_update_2
version/apple ios and macos/10.15.7
version/apple ios and macos/10.15.7-security_update_2020
version/apple ios and macos/10.15.7-security_update_2020-001
version/apple ios and macos/10.15.7-security_update_2020-005
version/apple ios and macos/10.15.7-security_update_2020-007
version/apple ios and macos/10.15.7-security_update_2021-001
version/apple ios and macos/10.15.7-security_update_2021-002
version/apple ios and macos/10.15.7-supplemental_update
version/apple ios and macos/11.0