Apple iOS, macOS, watchOS Sandbox Bypass Vulnerability (CVE-2021-31010)
In affected versions of Apple iOS, macOS, and watchOS, a sandboxed process may be able to circumvent sandbox restrictions.
A remote attacker, without authentication, can achieve partial data exposure, arbitrary modification of data. Federal agencies are required to remediate by 2022-09-15 under CISA BOD 22-01.
This is a Deserialization of Untrusted Data (CWE-502) vulnerability in Apple iOS, macOS, watchOS. A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release.. Exploitation requires remote network access, low attack complexity, no authentication required, and no user interaction required.
📧
Phishing link
🖼
Malicious file
🔓
Server compromised
Probably yes if any of these apply:
CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2022-08-25 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2022-09-15.
Manual remediation steps
No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.