CVE-2021-30738
First published: Mon May 24 2021(Updated: )
PackageKit. An issue with path validation logic for hardlinks was addressed with improved path sanitization.
Credit: Qingyang Chen Topsec Alpha TeamCsaba Fitzl @theevilbit Offensive SecurityQingyang Chen Topsec Alpha TeamCsaba Fitzl @theevilbit Offensive Security product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Big Sur | <11.4 | 11.4 |
| Apple Mojave | ||
| Apple Mac OS X | >=10.14.0<=10.14.5 | |
| Apple Mac OS X | =10.14.6 | |
| Apple Mac OS X | =10.14.6-security_update_2019-001 | |
| Apple Mac OS X | =10.14.6-security_update_2019-002 | |
| Apple Mac OS X | =10.14.6-security_update_2019-004 | |
| Apple Mac OS X | =10.14.6-security_update_2019-005 | |
| Apple Mac OS X | =10.14.6-security_update_2019-006 | |
| Apple Mac OS X | =10.14.6-security_update_2019-007 | |
| Apple Mac OS X | =10.14.6-security_update_2020-001 | |
| Apple Mac OS X | =10.14.6-security_update_2020-002 | |
| Apple Mac OS X | =10.14.6-security_update_2020-003 | |
| Apple Mac OS X | =10.14.6-security_update_2020-004 | |
| Apple Mac OS X | =10.14.6-security_update_2020-005 | |
| Apple Mac OS X | =10.14.6-security_update_2020-006 | |
| Apple Mac OS X | =10.14.6-security_update_2020-007 | |
| Apple Mac OS X | =10.14.6-security_update_2021-001 | |
| Apple Mac OS X | =10.14.6-security_update_2021-002 | |
| Apple Mac OS X | =10.14.6-security_update_2021-003 | |
| Apple Mac OS X | =10.14.6-supplemental_update | |
| Apple Mac OS X | =10.14.6-supplemental_update_2 | |
| Apple macOS | >=11.0.1<11.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT212529 (Advisory)
- https://support.apple.com/en-us/HT212531 (Advisory)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-30678
- CVE-2021-30676
- CVE-2021-30688
- CVE-2021-30669
- CVE-2021-30707
- CVE-2021-30685
- CVE-2021-30672
- CVE-2021-30681
- CVE-2021-30686
- CVE-2021-30733
- CVE-2021-30753
- CVE-2021-30727
- CVE-2021-30724
- CVE-2021-30673
- CVE-2021-30771
- CVE-2021-30755
- CVE-2021-30684
- CVE-2021-30735
- CVE-2021-30697
- CVE-2021-30710
- CVE-2021-30683
- CVE-2021-30687
- CVE-2021-30700
- CVE-2021-30701
- CVE-2021-30705
- CVE-2021-30706
- CVE-2021-30719
- CVE-2021-30728
- CVE-2021-30726
- CVE-2021-30731
- CVE-2021-30740
- CVE-2021-30704
- CVE-2021-30715
- CVE-2021-30736
- CVE-2021-30739
- CVE-2021-30703
- CVE-2021-30680
- CVE-2021-30677
- CVE-2021-30702
- CVE-2021-30696
- CVE-2021-30756
- CVE-2021-30723
- CVE-2021-30691
- CVE-2021-30692
- CVE-2021-30694
- CVE-2021-30725
- CVE-2021-30746
- CVE-2021-30693
- CVE-2021-30695
- CVE-2021-30708
- CVE-2021-30709
- CVE-2021-30679
- CVE-2020-36226
- CVE-2020-36227
- CVE-2020-36223
- CVE-2020-36224
- CVE-2020-36225
- CVE-2020-36221
- CVE-2020-36228
- CVE-2020-36222
- CVE-2020-36230
- CVE-2020-36229
- CVE-2021-30738
- CVE-2021-30751
- CVE-2021-30737
- CVE-2021-30716
- CVE-2021-30717
- CVE-2021-30721
- CVE-2021-30722
- CVE-2021-30712
- CVE-2021-30668
- CVE-2021-30718
- CVE-2021-30671
- CVE-2021-30713
- CVE-2021-30744
- CVE-2021-21779
- CVE-2021-30682
- CVE-2021-30689
- CVE-2021-30749
- CVE-2021-30734
- CVE-2021-30720
- CVE-2021-23841
- CVE-2021-30698
- CVE-2021-30690
- CVE-2021-1884
- CVE-2021-1883
- CVE-2021-30819
Frequently Asked Questions
What is CVE-2021-30738?
CVE-2021-30738 is a vulnerability in PackageKit that allows a malicious application to overwrite arbitrary files.
How does CVE-2021-30738 impact macOS Big Sur 11.4?
CVE-2021-30738 affects macOS Big Sur 11.4 by introducing a vulnerability that allows a malicious application to overwrite arbitrary files.
Is Apple Mojave affected by CVE-2021-30738?
Yes, Apple Mojave is also affected by CVE-2021-30738.
How can I mitigate the vulnerability in macOS Big Sur 11.4?
To mitigate the vulnerability in macOS Big Sur 11.4, it is recommended to update to the latest version of the operating system and apply any available security patches.
Where can I find more information about CVE-2021-30738?
More information about CVE-2021-30738 can be found on the Apple support website: [https://support.apple.com/en-us/HT212529](https://support.apple.com/en-us/HT212529)
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/type
- collector/apple-support
- collector/nvd-index
- vendor/apple
- canonical/apple macos big sur
- canonical/apple mojave
- canonical/apple mac os x
- version/apple mac os x/10.14.0
- version/apple mac os x/10.14.5
- version/apple mac os x/10.14.6
- version/apple mac os x/10.14.6-security_update_2019-001
- version/apple mac os x/10.14.6-security_update_2019-002
- version/apple mac os x/10.14.6-security_update_2019-004
- version/apple mac os x/10.14.6-security_update_2019-005
- version/apple mac os x/10.14.6-security_update_2019-006
- version/apple mac os x/10.14.6-security_update_2019-007
- version/apple mac os x/10.14.6-security_update_2020-001
- version/apple mac os x/10.14.6-security_update_2020-002
- version/apple mac os x/10.14.6-security_update_2020-003
- version/apple mac os x/10.14.6-security_update_2020-004
- version/apple mac os x/10.14.6-security_update_2020-005
- version/apple mac os x/10.14.6-security_update_2020-006
- version/apple mac os x/10.14.6-security_update_2020-007
- version/apple mac os x/10.14.6-security_update_2021-001
- version/apple mac os x/10.14.6-security_update_2021-002
- version/apple mac os x/10.14.6-security_update_2021-003
- version/apple mac os x/10.14.6-supplemental_update
- version/apple mac os x/10.14.6-supplemental_update_2
- canonical/apple macos
- version/apple macos/11.0.1