CVE-2021-31010

A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release..

Published: Aug 24, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-31010
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-502

OWASP TOP 10:

A8 - Insecure Deserialization

Affected Software
References

Software	From	Fixed in
apple / mac_os_x	10.15	10.15.7
apple / mac_os_x	10.15.7-supplemental_update	10.15.7-supplemental_update.x
apple / mac_os_x	10.15.7-security_update_2020-005	10.15.7-security_update_2020-005.x
apple / mac_os_x	10.15.7-security_update_2020-007	10.15.7-security_update_2020-007.x
apple / mac_os_x	10.15.7	10.15.7.x
apple / mac_os_x	10.15.7-security_update_2020-001	10.15.7-security_update_2020-001.x
apple / mac_os_x	10.15.7-security_update_2020	10.15.7-security_update_2020.x
apple / mac_os_x	10.15.7-security_update_2021-001	10.15.7-security_update_2021-001.x
apple / mac_os_x	10.15.7-security_update_2021-002	10.15.7-security_update_2021-002.x
apple / mac_os_x	10.15.7-security_update_2021-003	10.15.7-security_update_2021-003.x
apple / ipados	-	14.8
apple / watchos	-	7.6.2
apple / mac_os_x	10.15.7-security_update_2021-006	10.15.7-security_update_2021-006.x
apple / iphone_os	12.0	12.5.5
apple / macos	11.0	11.6
apple / mac_os_x	10.15.7-security_update_2021-008	10.15.7-security_update_2021-008.x
apple / mac_os_x	10.15.7-security_update_2021-007	10.15.7-security_update_2021-007.x
apple / mac_os_x	10.15.7-security_update_2022-002	10.15.7-security_update_2022-002.x
apple / mac_os_x	10.15.7-security_update_2022-001	10.15.7-security_update_2022-001.x
apple / mac_os_x	10.15.7-security_update_2022-003	10.15.7-security_update_2022-003.x
apple / mac_os_x	10.15.7-security_update_2022-004	10.15.7-security_update_2022-004.x
apple / iphone_os	14.0	14.8

Vulnerability Database

290,273

CVE-2021-31010