What is CVE-2021-30789?

CVE-2021-30789 is a vulnerability in CoreText that allows an out-of-bounds read.

What software is affected by CVE-2021-30789?

Apple watchOS up to version 7.6, Apple tvOS up to version 14.7, Apple Catalina, and Apple macOS Big Sur up to version 11.5 are affected by CVE-2021-30789.

What is the severity of CVE-2021-30789?

The severity of CVE-2021-30789 has not been specified.

How can I fix CVE-2021-30789?

To fix CVE-2021-30789, update your software to the latest version provided by Apple.

Where can I find more information about CVE-2021-30789?

You can find more information about CVE-2021-30789 on the Apple support page.

Vulnerability/
CVE-2021-30789

high

7.8

CWE

20 125

19/7/2021

8/9/2021

7/6/2023

CVE-2021-30789: Input Validation

First published: Mon Jul 19 2021(Updated: )

CoreText. An out-of-bounds read was addressed with improved input validation.

Credit: Sunglin Knownsec 404 teamMickey Jin @patch1t Trend MicroMickey Jin @patch1t Trend MicroSunglin Knownsec 404 teamMickey Jin @patch1t Trend MicroSunglin Knownsec 404 teamMickey Jin @patch1t Trend MicroSunglin Knownsec 404 team product-security@apple.com

Affected Software	Affected Version	How to fix
Apple iPhone OS	<14.7
Apple Mac OS X	>=10.15<=10.15.6
Apple Mac OS X	=10.15.7
Apple Mac OS X	=10.15.7-security_update_2020
Apple Mac OS X	=10.15.7-security_update_2020-001
Apple Mac OS X	=10.15.7-security_update_2020-005
Apple Mac OS X	=10.15.7-security_update_2020-007
Apple Mac OS X	=10.15.7-security_update_2021-001
Apple Mac OS X	=10.15.7-security_update_2021-002
Apple Mac OS X	=10.15.7-security_update_2021-003
Apple Mac OS X	=10.15.7-supplemental_update
Apple macOS	<11.5
Apple macOS	>=11.0<11.5
Apple tvOS	<14.7
Apple watchOS	<7.6
Apple watchOS	<7.6	7.6
Apple Catalina
Apple macOS Big Sur	<11.5	11.5
Apple tvOS	<14.7	14.7

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT212600 (Advisory)
https://support.apple.com/en-us/HT212602 (Advisory)
https://support.apple.com/en-us/HT212604 (Advisory)
https://support.apple.com/en-us/HT212605 (Advisory)
https://support.apple.com/en-us/HT212601

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2021-30789?
CVE-2021-30789 is a vulnerability in CoreText that allows an out-of-bounds read.
What software is affected by CVE-2021-30789?
Apple watchOS up to version 7.6, Apple tvOS up to version 14.7, Apple Catalina, and Apple macOS Big Sur up to version 11.5 are affected by CVE-2021-30789.
What is the severity of CVE-2021-30789?
The severity of CVE-2021-30789 has not been specified.
How can I fix CVE-2021-30789?
To fix CVE-2021-30789, update your software to the latest version provided by Apple.
Where can I find more information about CVE-2021-30789?
You can find more information about CVE-2021-30789 on the Apple support page.

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/apple-support
agent/software-canonical-lookup-request
collector/nvd-index
vendor/apple
canonical/apple catalina
canonical/apple macos big sur
canonical/apple tvos
canonical/apple watchos
canonical/apple iphone os
canonical/apple mac os x
version/apple mac os x/10.15
version/apple mac os x/10.15.6
version/apple mac os x/10.15.7
version/apple mac os x/10.15.7-security_update_2020
version/apple mac os x/10.15.7-security_update_2020-001
version/apple mac os x/10.15.7-security_update_2020-005
version/apple mac os x/10.15.7-security_update_2020-007
version/apple mac os x/10.15.7-security_update_2021-001
version/apple mac os x/10.15.7-security_update_2021-002
version/apple mac os x/10.15.7-security_update_2021-003
version/apple mac os x/10.15.7-supplemental_update
canonical/apple macos
version/apple macos/11.0