CVE-2021-30693: Input Validation
First published: Mon May 24 2021(Updated: )
A validation issue was addressed with improved logic. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted image may lead to arbitrary code execution.
Credit: Mickey Jin & Junzhi Lu (@pwn0rz) @patch1t Trend MicroMickey Jin & Junzhi Lu (@pwn0rz) @patch1t Trend MicroMickey Jin & Junzhi Lu (@pwn0rz) @patch1t Trend MicroMickey Jin & Junzhi Lu (@pwn0rz) @patch1t Trend Micro product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple Catalina | ||
| Apple Mojave | ||
| Apple macOS Big Sur | <11.4 | 11.4 |
| Apple iOS | <14.6 | 14.6 |
| Apple iPadOS | <14.6 | 14.6 |
| Apple iPadOS | <14.6 | |
| Apple iPhone OS | <14.6 | |
| Apple Mac OS X | >=10.14<=10.14.5 | |
| Apple Mac OS X | >=10.15<=10.15.6 | |
| Apple Mac OS X | =10.14.6 | |
| Apple Mac OS X | =10.14.6-security_update_2019-001 | |
| Apple Mac OS X | =10.14.6-security_update_2019-002 | |
| Apple Mac OS X | =10.14.6-security_update_2019-004 | |
| Apple Mac OS X | =10.14.6-security_update_2019-005 | |
| Apple Mac OS X | =10.14.6-security_update_2019-006 | |
| Apple Mac OS X | =10.14.6-security_update_2019-007 | |
| Apple Mac OS X | =10.14.6-security_update_2020-001 | |
| Apple Mac OS X | =10.14.6-security_update_2020-002 | |
| Apple Mac OS X | =10.14.6-security_update_2020-003 | |
| Apple Mac OS X | =10.14.6-security_update_2020-004 | |
| Apple Mac OS X | =10.14.6-security_update_2020-005 | |
| Apple Mac OS X | =10.14.6-security_update_2020-006 | |
| Apple Mac OS X | =10.14.6-security_update_2020-007 | |
| Apple Mac OS X | =10.14.6-security_update_2021-001 | |
| Apple Mac OS X | =10.14.6-security_update_2021-002 | |
| Apple Mac OS X | =10.14.6-security_update_2021-003 | |
| Apple Mac OS X | =10.14.6-supplemental_update | |
| Apple Mac OS X | =10.14.6-supplemental_update_2 | |
| Apple Mac OS X | =10.15.7 | |
| Apple Mac OS X | =10.15.7-security_update_2020 | |
| Apple Mac OS X | =10.15.7-security_update_2020-001 | |
| Apple Mac OS X | =10.15.7-security_update_2020-005 | |
| Apple Mac OS X | =10.15.7-security_update_2020-007 | |
| Apple Mac OS X | =10.15.7-security_update_2021-001 | |
| Apple Mac OS X | =10.15.7-security_update_2021-002 | |
| Apple Mac OS X | =10.15.7-supplemental_update | |
| Apple macOS | >=11.0<11.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT212528 (Advisory)
- https://support.apple.com/en-us/HT212529 (Advisory)
- https://support.apple.com/en-us/HT212530 (Advisory)
- https://support.apple.com/en-us/HT212531 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-30707
- CVE-2021-30685
- CVE-2021-30714
- CVE-2021-30729
- CVE-2021-30681
- CVE-2021-30686
- CVE-2021-30733
- CVE-2021-30753
- CVE-2021-30727
- CVE-2021-30724
- CVE-2021-30771
- CVE-2021-30697
- CVE-2021-30710
- CVE-2021-30687
- CVE-2021-30700
- CVE-2021-30701
- CVE-2021-30705
- CVE-2021-30706
- CVE-2021-30740
- CVE-2021-30674
- CVE-2021-30704
- CVE-2021-30715
- CVE-2021-30736
- CVE-2021-30703
- CVE-2021-30677
- CVE-2021-30741
- CVE-2021-30756
- CVE-2021-30723
- CVE-2021-30691
- CVE-2021-30692
- CVE-2021-30694
- CVE-2021-30725
- CVE-2021-30746
- CVE-2021-30693
- CVE-2021-30695
- CVE-2021-30708
- CVE-2021-30709
- CVE-2021-1821
- CVE-2021-30699
- CVE-2021-30999
- CVE-2021-30737
- CVE-2021-30744
- CVE-2021-21779
- CVE-2021-30682
- CVE-2021-30689
- CVE-2021-30749
- CVE-2021-30734
- CVE-2021-30720
- CVE-2021-23841
- CVE-2021-30698
- CVE-2021-30667
- CVE-2021-30678
- CVE-2021-30676
- CVE-2021-30688
- CVE-2021-30669
- CVE-2021-30672
- CVE-2021-30673
- CVE-2021-30755
- CVE-2021-30684
- CVE-2021-30735
- CVE-2021-30683
- CVE-2021-30719
- CVE-2021-30728
- CVE-2021-30726
- CVE-2021-30731
- CVE-2021-30739
- CVE-2021-30680
- CVE-2021-30702
- CVE-2021-30696
- CVE-2021-30679
- CVE-2020-36226
- CVE-2020-36227
- CVE-2020-36223
- CVE-2020-36224
- CVE-2020-36225
- CVE-2020-36221
- CVE-2020-36228
- CVE-2020-36222
- CVE-2020-36230
- CVE-2020-36229
- CVE-2021-30738
- CVE-2021-30751
- CVE-2021-30716
- CVE-2021-30717
- CVE-2021-30721
- CVE-2021-30722
- CVE-2021-30712
- CVE-2021-30668
- CVE-2021-30718
- CVE-2021-30671
- CVE-2021-30713
- CVE-2020-29629
- CVE-2021-1884
- CVE-2021-1883
- CVE-2021-30743
- CVE-2021-30819
- CVE-2021-30690
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2021-30693.
What is the title of the vulnerability?
The title of the vulnerability is Model I/O. A validation issue was addressed with improved logic.
What software versions are affected by the vulnerability?
The vulnerability affects macOS Big Sur up to version 11.4, Apple Mojave, Apple Catalina, iOS up to version 14.6, and iPadOS up to version 14.6.
How was the vulnerability addressed?
The vulnerability was addressed by improving the logic of the validation issue.
Where can I find more information about the vulnerability?
You can find more information about the vulnerability on the following Apple support pages: [^1^], [^2^], [^3^].
- collector/apple-support
- agent/software-canonical-lookup-request
- collector/nvd-index
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- agent/weakness
- vendor/apple
- canonical/apple ios
- canonical/apple ipados
- canonical/apple macos big sur
- canonical/apple catalina
- canonical/apple mojave
- canonical/apple iphone os
- canonical/apple mac os x
- version/apple mac os x/10.14
- version/apple mac os x/10.14.5
- version/apple mac os x/10.15
- version/apple mac os x/10.15.6
- version/apple mac os x/10.14.6
- version/apple mac os x/10.14.6-security_update_2019-001
- version/apple mac os x/10.14.6-security_update_2019-002
- version/apple mac os x/10.14.6-security_update_2019-004
- version/apple mac os x/10.14.6-security_update_2019-005
- version/apple mac os x/10.14.6-security_update_2019-006
- version/apple mac os x/10.14.6-security_update_2019-007
- version/apple mac os x/10.14.6-security_update_2020-001
- version/apple mac os x/10.14.6-security_update_2020-002
- version/apple mac os x/10.14.6-security_update_2020-003
- version/apple mac os x/10.14.6-security_update_2020-004
- version/apple mac os x/10.14.6-security_update_2020-005
- version/apple mac os x/10.14.6-security_update_2020-006
- version/apple mac os x/10.14.6-security_update_2020-007
- version/apple mac os x/10.14.6-security_update_2021-001
- version/apple mac os x/10.14.6-security_update_2021-002
- version/apple mac os x/10.14.6-security_update_2021-003
- version/apple mac os x/10.14.6-supplemental_update
- version/apple mac os x/10.14.6-supplemental_update_2
- version/apple mac os x/10.15.7
- version/apple mac os x/10.15.7-security_update_2020
- version/apple mac os x/10.15.7-security_update_2020-001
- version/apple mac os x/10.15.7-security_update_2020-005
- version/apple mac os x/10.15.7-security_update_2020-007
- version/apple mac os x/10.15.7-security_update_2021-001
- version/apple mac os x/10.15.7-security_update_2021-002
- version/apple mac os x/10.15.7-supplemental_update
- canonical/apple macos
- version/apple macos/11.0