CVE-2021-30860
ENISA EUVD: EUVD-2021-17777 ↗
Exploited in the Wild
✓ Confirmed 0-Day
★ Google Project Zero
Triaged: March 3, 2026
8 articles
Published: 2021-08-24
EPSS Score
Source: FIRST.org · 2026-05-23
72.37% probability of being exploited in the next 30 days.
Top 98.8th percentile of all CVEs
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)
7.8
HIGH
Attack Vector
Local
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2 (legacy)
6.8
MEDIUM
Access Vector
Network
Access Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
AV:N/AC:M/Au:N/C:P/I:P/A:P
Description
VulnerabilityLookup (CNA)
An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Affected Products
Apple
macOS
unspecified
Apple
macOS
unspecified
Apple
watchOS
unspecified
Apple
iOS
unspecified
Google Project Zero
Discovered
Sept. 7, 2021
Patched
Sept. 13, 2021
Reported by
The Citizen Lab
Root Cause Analysis
???
Exploits & PoC
jeffssh/CVE-2021-30860
Collection of materials relating to FORCEDENTRY
100
2024-03-30
Levilutz/CVE-2021-30860
Scan for evidence of CVE-2021-30860 (FORCEDENTRY) exploit
10
2021-09-21
2 repos, sorted by ⭐
Search on GitHub ↗
https://support.apple.com/en-us/HT212804
x_refsource_MISC
https://support.apple.com/en-us/HT212805
x_refsource_MISC
https://support.apple.com/en-us/HT212807
x_refsource_MISC
https://support.apple.com/en-us/HT212806
x_refsource_MISC
http://seclists.org/fulldisclosure/2021/Sep/28
mailing-list
x_refsource_FULLDISC
http://seclists.org/fulldisclosure/2021/Sep/27
mailing-list
x_refsource_FULLDISC
Signal Intelligence
Confidence
92%
EPSS
72.37%
CVSS v3.1
7.8
Mentions
8
Last Seen
Nov 09, 2021
CNA Information
CNA Assigner
apple
Analyst Note
CVE-2021-30860 is confirmed as a critical zero-day affecting Apple products with evidence of active exploitation in the wild, reported by Google Project Zero, and patched across multiple Apple platforms. The high CVSS score (7.8), integer overflow vulnerability enabling arbitrary code execution via malicious PDFs, and official security updates from Apple provide strong validation of the threat.
Triage Info
Decided at: Mar 03, 2026
Published Date: Aug 24, 2021