CVE-2021-30738
First published: Mon May 24 2021(Updated: )
A malicious application may be able to overwrite arbitrary files. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-004 Mojave. An issue with path validation logic for hardlinks was addressed with improved path sanitization.
Credit: Qingyang Chen Topsec Alpha TeamCsaba Fitzl @theevilbit Offensive Security product-security@apple.com Qingyang Chen Topsec Alpha TeamCsaba Fitzl @theevilbit Offensive Security
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Big Sur | <11.4 | 11.4 |
| Apple Mojave | ||
| Apple Mac OS X | >=10.14.0<=10.14.5 | |
| Apple Mac OS X | =10.14.6 | |
| Apple Mac OS X | =10.14.6-security_update_2019-001 | |
| Apple Mac OS X | =10.14.6-security_update_2019-002 | |
| Apple Mac OS X | =10.14.6-security_update_2019-004 | |
| Apple Mac OS X | =10.14.6-security_update_2019-005 | |
| Apple Mac OS X | =10.14.6-security_update_2019-006 | |
| Apple Mac OS X | =10.14.6-security_update_2019-007 | |
| Apple Mac OS X | =10.14.6-security_update_2020-001 | |
| Apple Mac OS X | =10.14.6-security_update_2020-002 | |
| Apple Mac OS X | =10.14.6-security_update_2020-003 | |
| Apple Mac OS X | =10.14.6-security_update_2020-004 | |
| Apple Mac OS X | =10.14.6-security_update_2020-005 | |
| Apple Mac OS X | =10.14.6-security_update_2020-006 | |
| Apple Mac OS X | =10.14.6-security_update_2020-007 | |
| Apple Mac OS X | =10.14.6-security_update_2021-001 | |
| Apple Mac OS X | =10.14.6-security_update_2021-002 | |
| Apple Mac OS X | =10.14.6-security_update_2021-003 | |
| Apple Mac OS X | =10.14.6-supplemental_update | |
| Apple Mac OS X | =10.14.6-supplemental_update_2 | |
| Apple macOS | >=11.0.1<11.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT212531 (Advisory)
- https://support.apple.com/en-us/HT212529 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-30676
- CVE-2021-30678
- CVE-2021-30690
- CVE-2021-30669
- CVE-2021-30681
- CVE-2021-30724
- CVE-2021-30735
- CVE-2021-30710
- CVE-2021-1884
- CVE-2021-1883
- CVE-2021-30697
- CVE-2021-30683
- CVE-2021-30687
- CVE-2021-30705
- CVE-2021-30728
- CVE-2021-30726
- CVE-2021-30704
- CVE-2021-30739
- CVE-2021-30702
- CVE-2021-30696
- CVE-2021-30819
- CVE-2021-30723
- CVE-2021-30691
- CVE-2021-30694
- CVE-2021-30692
- CVE-2021-30746
- CVE-2021-30693
- CVE-2021-30695
- CVE-2021-30708
- CVE-2021-30709
- CVE-2021-30725
- CVE-2021-30679
- CVE-2020-36226
- CVE-2020-36229
- CVE-2020-36225
- CVE-2020-36224
- CVE-2020-36223
- CVE-2020-36227
- CVE-2020-36228
- CVE-2020-36221
- CVE-2020-36222
- CVE-2020-36230
- CVE-2021-30738
- CVE-2021-30737
- CVE-2021-30716
- CVE-2021-30717
- CVE-2021-30712
- CVE-2021-30721
- CVE-2021-30722
- CVE-2021-30688
- CVE-2021-30707
- CVE-2021-30685
- CVE-2021-30672
- CVE-2021-30686
- CVE-2021-30733
- CVE-2021-30753
- CVE-2021-30727
- CVE-2021-30673
- CVE-2021-30771
- CVE-2021-30755
- CVE-2021-30684
- CVE-2021-30700
- CVE-2021-30701
- CVE-2021-30706
- CVE-2021-30719
- CVE-2021-30731
- CVE-2021-30740
- CVE-2021-30715
- CVE-2021-30736
- CVE-2021-30703
- CVE-2021-30680
- CVE-2021-30677
- CVE-2021-30756
- CVE-2021-30751
- CVE-2021-30668
- CVE-2021-30718
- CVE-2021-30671
- CVE-2021-30713
- CVE-2021-30744
- CVE-2021-21779
- CVE-2021-30682
- CVE-2021-30689
- CVE-2021-30749
- CVE-2021-30734
- CVE-2021-30720
- CVE-2021-23841
- CVE-2021-30698
Frequently Asked Questions
What is CVE-2021-30738?
CVE-2021-30738 is a vulnerability in PackageKit that allows a malicious application to overwrite arbitrary files.
How does CVE-2021-30738 impact macOS Big Sur 11.4?
CVE-2021-30738 affects macOS Big Sur 11.4 by introducing a vulnerability that allows a malicious application to overwrite arbitrary files.
Is Apple Mojave affected by CVE-2021-30738?
Yes, Apple Mojave is also affected by CVE-2021-30738.
How can I mitigate the vulnerability in macOS Big Sur 11.4?
To mitigate the vulnerability in macOS Big Sur 11.4, it is recommended to update to the latest version of the operating system and apply any available security patches.
Where can I find more information about CVE-2021-30738?
More information about CVE-2021-30738 can be found on the Apple support website: [https://support.apple.com/en-us/HT212529](https://support.apple.com/en-us/HT212529)
- collector/apple-support
- collector/nvd-index
- agent/references
- agent/severity
- agent/author
- agent/last-modified-date
- agent/softwarecombine
- agent/first-publish-date
- agent/description
- agent/type
- agent/event
- agent/software-canonical-lookup-request
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple mojave
- canonical/apple mac os x
- version/apple mac os x/10.14.0
- version/apple mac os x/10.14.5
- version/apple mac os x/10.14.6
- version/apple mac os x/10.14.6-security_update_2019-001
- version/apple mac os x/10.14.6-security_update_2019-002
- version/apple mac os x/10.14.6-security_update_2019-004
- version/apple mac os x/10.14.6-security_update_2019-005
- version/apple mac os x/10.14.6-security_update_2019-006
- version/apple mac os x/10.14.6-security_update_2019-007
- version/apple mac os x/10.14.6-security_update_2020-001
- version/apple mac os x/10.14.6-security_update_2020-002
- version/apple mac os x/10.14.6-security_update_2020-003
- version/apple mac os x/10.14.6-security_update_2020-004
- version/apple mac os x/10.14.6-security_update_2020-005
- version/apple mac os x/10.14.6-security_update_2020-006
- version/apple mac os x/10.14.6-security_update_2020-007
- version/apple mac os x/10.14.6-security_update_2021-001
- version/apple mac os x/10.14.6-security_update_2021-002
- version/apple mac os x/10.14.6-security_update_2021-003
- version/apple mac os x/10.14.6-supplemental_update
- version/apple mac os x/10.14.6-supplemental_update_2
- canonical/apple macos
- version/apple macos/11.0.1
- canonical/apple macos big sur