First published: Mon May 24 2021(Updated: )
An out-of-bounds read was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Processing a maliciously crafted USD file may disclose memory contents.
Credit: Mickey Jin @patch1t Trend MicroMickey Jin @patch1t Trend MicroMickey Jin @patch1t Trend MicroMickey Jin @patch1t Trend Micro product-security@apple.com
Affected Software | Affected Version | How to fix |
---|---|---|
Apple Catalina | ||
Apple macOS Big Sur | <11.4 | 11.4 |
Apple Mojave | ||
Apple iOS | <14.6 | 14.6 |
Apple iPadOS | <14.6 | 14.6 |
Apple iPadOS | <14.6 | |
Apple iPhone OS | <14.6 | |
Apple Mac OS X | =10.14.0 | |
Apple Mac OS X | =10.14.1 | |
Apple Mac OS X | =10.14.2 | |
Apple Mac OS X | =10.14.3 | |
Apple Mac OS X | =10.14.4 | |
Apple Mac OS X | =10.14.4-beta4 | |
Apple Mac OS X | =10.14.5 | |
Apple Mac OS X | =10.14.6 | |
Apple Mac OS X | =10.14.6 | |
Apple Mac OS X | =10.14.6-security_update_2019-001 | |
Apple Mac OS X | =10.14.6-security_update_2019-002 | |
Apple Mac OS X | =10.14.6-security_update_2019-004 | |
Apple Mac OS X | =10.14.6-security_update_2019-005 | |
Apple Mac OS X | =10.14.6-security_update_2019-006 | |
Apple Mac OS X | =10.14.6-security_update_2019-007 | |
Apple Mac OS X | =10.14.6-security_update_2020-001 | |
Apple Mac OS X | =10.14.6-security_update_2020-002 | |
Apple Mac OS X | =10.14.6-security_update_2020-003 | |
Apple Mac OS X | =10.14.6-security_update_2020-004 | |
Apple Mac OS X | =10.14.6-security_update_2020-005 | |
Apple Mac OS X | =10.14.6-security_update_2020-006 | |
Apple Mac OS X | =10.14.6-security_update_2020-007 | |
Apple Mac OS X | =10.14.6-security_update_2021-001 | |
Apple Mac OS X | =10.14.6-security_update_2021-002 | |
Apple Mac OS X | =10.14.6-security_update_2021-003 | |
Apple Mac OS X | =10.14.6-supplemental_update | |
Apple Mac OS X | =10.14.6-supplemental_update_2 | |
Apple Mac OS X | =10.15 | |
Apple Mac OS X | =10.15.1 | |
Apple Mac OS X | =10.15.2 | |
Apple Mac OS X | =10.15.3 | |
Apple Mac OS X | =10.15.4 | |
Apple Mac OS X | =10.15.5 | |
Apple Mac OS X | =10.15.6 | |
Apple Mac OS X | =10.15.6 | |
Apple Mac OS X | =10.15.6-supplemental_update | |
Apple Mac OS X | =10.15.7 | |
Apple Mac OS X | =10.15.7 | |
Apple Mac OS X | =10.15.7-security_update_2020 | |
Apple Mac OS X | =10.15.7-security_update_2020-001 | |
Apple Mac OS X | =10.15.7-security_update_2020-005 | |
Apple Mac OS X | =10.15.7-security_update_2020-007 | |
Apple Mac OS X | =10.15.7-security_update_2021-001 | |
Apple Mac OS X | =10.15.7-security_update_2021-002 | |
Apple Mac OS X | =10.15.7-supplemental_update | |
Apple macOS | >=11.0.1<11.4 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Found alongside the following vulnerabilities)
CVE-2021-30746 is a vulnerability in Model I/O that allows an out-of-bounds read.
CVE-2021-30746 affects macOS Big Sur versions up to and excluding 11.4.
CVE-2021-30746 impacts Apple Mojave and Catalina.
CVE-2021-30746 affects iOS and iPadOS versions up to and excluding 14.6.
To fix CVE-2021-30746, update macOS, iOS, or iPadOS to the latest available version.