CVE-2021-30869

ENISA EUVD: EUVD-2021-17786 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 5, 2026 6 articles Published: 2021-08-24

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

1.72%

probability

This CVE has a 1.72% probability of being exploited in the next 30 days.

0% Top 82.6th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

7.8

HIGH

Attack Vector

Local

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

9.3

HIGH

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

AV:N/AC:M/Au:N/C:C/I:C/A:C

Description

VulnerabilityLookup (CNA)

A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 12.5.5, iOS 14.4 and iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, Security Update 2021-006 Catalina. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of reports that an exploit for this issue exists in the wild.

Affected Products

Apple

iOS and iPadOS

unspecified

Apple

macOS

unspecified

Apple

macOS

unspecified

Apple

macOS

unspecified

apple

ipados

apple

iphone os

apple

mac os x

apple

macos

Apple

macOS

unspecified <2021

Apple

macOS

unspecified <12.5

Apple

macOS

unspecified <11.2

Apple

iOS and iPadOS

unspecified <14.4

Attack Intelligence

CWE-664 · Improper Control of a Resource Through its Lifetime CWE-704 · Incorrect Type Conversion CWE-843 · Type Confusion

Google Project Zero

Patched

Sept. 23, 2021

Reported by

Erye Hernandez of Google Threat Analysis Group, Clément Lecigne of Google Threat Analysis Group, and Ian Beer of Google Project Zero

Root Cause Analysis

???

https://support.apple.com/en-us/HT212147

x_refsource_MISC

https://support.apple.com/en-us/HT212146

x_refsource_MISC

https://support.apple.com/en-us/HT212824

x_refsource_MISC

https://support.apple.com/en-us/HT212825

x_refsource_MISC

Signal Intelligence

Confidenceⓘ

95%

EPSS 1.72%

CVSS v3.1 7.8

Mentions 6

Last Seen Nov 09, 2021

CNA Information

CNA Assigner

apple

Analyst Note

Auto-imported from Google Project Zero — confirmed zero-day by definition.

Threat Actors 2

BRONZE HIGHLAND

apt_group Information theft and espionage 🇨🇳 CN

WildPressure

apt_group Information theft and espionage UNKNOWN

Triage Info

Decided atMar 05, 2026

Published DateAug 24, 2021