CVE-2021-30855
First published: Tue Aug 24 2021(Updated: )
A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15, watchOS 8, macOS Big Sur 11.6. An application may be able to access restricted files.
Credit: Zhipeng Huo @R3dF09 Yuebin Sun @yuebinsun2020 Tencent Security Xuanwu Lab cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS | <11.6 | 11.6 |
| tvOS | <15 | 15 |
| macOS Catalina | ||
| Apple iOS, iPadOS, and watchOS | <14.8 | |
| iOS | <14.8 | |
| Apple iOS and macOS | <10.15.7 | |
| Apple iOS and macOS | =10.15.7 | |
| Apple iOS and macOS | =10.15.7-security_update_2020-001 | |
| Apple iOS and macOS | =10.15.7-security_update_2021-001 | |
| Apple iOS and macOS | =10.15.7-security_update_2021-002 | |
| Apple iOS and macOS | =10.15.7-security_update_2021-003 | |
| Apple iOS and macOS | =10.15.7-security_update_2021-004 | |
| Apple iOS and macOS | =10.15.7-supplemental_update | |
| Apple iOS and macOS | <11.6 | |
| tvOS | <15.0 | |
| Apple iOS, iPadOS, and watchOS | <8.0 | |
| Apple iOS, iPadOS, and watchOS | <15 | 15 |
| Apple iOS, iPadOS, and watchOS | <15 | 15 |
| Apple iOS, iPadOS, and watchOS | <14.8 | 14.8 |
| Apple iOS, iPadOS, and watchOS | <14.8 | 14.8 |
| Apple iOS, iPadOS, and watchOS | <8 | 8 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT212804 (Advisory)
- https://support.apple.com/en-us/HT212805 (Advisory)
- https://support.apple.com/en-us/HT212807 (Advisory)
- https://support.apple.com/en-us/HT212814 (Advisory)
- https://support.apple.com/en-us/HT212815 (Advisory)
- https://support.apple.com/en-us/HT212819 (Advisory)
- https://support.apple.com/kb/HT212815
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-30811
- CVE-2021-30838
- CVE-2021-30834
- CVE-2021-30928
- CVE-2021-30860
- CVE-2021-31010
- CVE-2021-30827
- CVE-2021-30828
- CVE-2021-30829
- CVE-2021-22925
- CVE-2021-30832
- CVE-2021-30841
- CVE-2021-30842
- CVE-2021-30843
- CVE-2021-30853
- CVE-2021-30933
- CVE-2021-30835
- CVE-2021-30847
- CVE-2021-30830
- CVE-2021-30865
- CVE-2021-30857
- CVE-2021-30859
- CVE-2021-30864
- CVE-2013-0340
- CVE-2021-30813
- CVE-2021-30819
- CVE-2021-30855
- CVE-2021-30925
- CVE-2021-30850
- CVE-2021-30845
- CVE-2021-30844
- CVE-2021-30858
- CVE-2021-30837
- CVE-2021-30866
- CVE-2021-30831
- CVE-2021-30840
- CVE-2021-30852
- CVE-2021-30814
- CVE-2021-30854
- CVE-2021-30808
- CVE-2021-30897
- CVE-2021-30884
- CVE-2021-30818
- CVE-2021-30823
- CVE-2021-30836
- CVE-2021-30809
- CVE-2021-30846
- CVE-2021-30849
- CVE-2021-30851
- CVE-2021-30810
- CVE-2021-30783
- CVE-2020-29622
- CVE-2021-30713
- CVE-2021-30825
- CVE-2021-30863
- CVE-2021-30816
- CVE-2021-30882
- CVE-2021-30867
- CVE-2021-30874
- CVE-2021-30898
- CVE-2021-30870
- CVE-2021-30815
- CVE-2021-31001
- CVE-2021-30826
- CVE-2021-31005
- CVE-2021-31008
- CVE-2021-30848
- CVE-2021-30930
- CVE-2021-30820
- CVE-2021-30905
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-30855.
What is the affected software?
The affected software includes Apple watchOS up to version 8, Apple iOS up to version 15, Apple iPadOS up to version 15, Apple macOS Big Sur up to version 11.6, Apple Catalina, and Apple tvOS up to version 15.
What is the severity of CVE-2021-30855?
The severity of CVE-2021-30855 is not specified in the vulnerability description.
How can I fix this vulnerability?
To fix this vulnerability, update your software to the latest available version provided by Apple.
Where can I find more information about CVE-2021-30855?
You can find more information about CVE-2021-30855 on the official Apple support page: [link](https://support.apple.com/en-us/HT212814).
- agent/type
- agent/references
- agent/weakness
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/trending
- collector/apple-support
- agent/software-canonical-lookup-request
- agent/source
- agent/author
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- vendor/apple
- canonical/apple macos
- canonical/tvos
- canonical/macos catalina
- canonical/apple ios, ipados, and watchos
- canonical/ios
- canonical/apple ios and macos
- version/apple ios and macos/10.15.7
- version/apple ios and macos/10.15.7-security_update_2020-001
- version/apple ios and macos/10.15.7-security_update_2021-001
- version/apple ios and macos/10.15.7-security_update_2021-002
- version/apple ios and macos/10.15.7-security_update_2021-003
- version/apple ios and macos/10.15.7-security_update_2021-004
- version/apple ios and macos/10.15.7-supplemental_update