CVE-2021-30657
ENISA EUVD: EUVD-2021-17574
Exploited in the Wild
✓ Confirmed 0-Day
Triaged: March 20, 2026
9 articles
Published: 2021-09-08
EPSS Score
Source: FIRST.org · 2026-05-23
This CVE has an 83.08% probability of being exploited in the next 30 days.
99.3rd percentile of all CVEs
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)
Score: 5.5 (MEDIUM)
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
Scope: Unchanged
Confidentiality: None
Integrity: High
Availability: None
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
CVSS v2 (legacy)
Score: 4.3 (MEDIUM)
Access Vector: Network
Access Complexity: Medium
Authentication: None
Confidentiality: None
Integrity: Partial
Availability: None
Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N
Description
Source: VulnerabilityLookup (CNA)
A logic issue was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina. A malicious application may bypass Gatekeeper checks. Apple is aware of a report that this issue may have been actively exploited.
Affected Products
Vendor: Apple · Product: macOS · Version: unspecified
Attack Intelligence
Exploits & PoC
shubham0d/CVE-2021-30657 (⭐ 29, 2021-11-08): A sample POC for CVE-2021-30657 affecting MacOS
1 repo, sorted by ⭐
https://support.apple.com/en-us/HT212325 (x_refsource_MISC)
https://support.apple.com/en-us/HT212326 (x_refsource_MISC)
Signal Intelligence
Confidence: 92%
EPSS: 83.08%
CVSS v3.1: 5.5
Mentions: 9
Last Seen: Nov 09, 2021
CNA Information
CNA Assigner: apple
Analyst Note
Multiple authoritative sources (BleepingComputer) explicitly state CVE-2021-30657 was a zero-day exploited in the wild, fixed by Apple in iOS 15.0.2. Article titles confirm active exploitation preceded or coincided with patch availability (e.g., 'Emergency Apple iOS 15.0.2 update fixes zero-day used in attacks'). The 2021 CVE year aligns with the 2021 patch date, and multiple independent reports confirm exploitation by NSO spyware actors.
Threat Actors (1)
Lazarus Group · apt_group · Information theft and espionage · 🇰🇵 KP
Triage Info
Decided at: Mar 20, 2026
Published Date: Sep 08, 2021