IRONSMITHINTEL
HIGHCVSS7.8
|
Actively Exploited
|CISA KEV|CVE-2021-30860|Auth: none — unauthenticated|Reboot: required|Manual only

Apple Multiple Products Integer Overflow Vulnerability (CVE-2021-30860)

Apple iOS, iPadOS, macOS, and watchOS CoreGraphics contain an integer overflow vulnerability which may allow code execution when processing a maliciously crafted PDF. The vulnerability is also known under the moniker of FORCEDENTRY.

Published Aug 24, 2021 · Updated May 17, 2026
Why patchRisk explained in plain English
Worst-case scenarioIf unpatched

A local attacker, without authentication, can achieve full data confidentiality loss, arbitrary modification of data, complete denial of service or system unavailability. Federal agencies are required to remediate by 2021-11-17 under CISA BOD 22-01.

How the attack worksNo clicks needed

This is a Integer Overflow (CWE-190) vulnerability in Apple Multiple Products. An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Exploitation requires local access, low attack complexity, no authentication required, and user interaction required.

Am I affected?Quick check

Probably yes if any of these apply:

Apple Device Administrators
Endpoint Security
IT Security
Running ipados: v < 14.8; iphone os: v < 12.5.5, 13.0 ≤ v < 14.8; mac os x: 10.15 ≤ v < 10.15.7, 10.15.7; macos: v < 11.6; watchos: v < 7.6.2; xpdf: v < 4.04; poppler: v < 22.09.0
Real-world incidentsWhat we've seen

CISA added this CVE to the Known Exploited Vulnerabilities catalog on 2021-11-03 based on evidence of active exploitation in the wild. Federal agencies required to remediate by 2021-11-17.

How to patch

Manual remediation steps

1
Identify affected hosts: query inventory for general installs in scope.
2
Apply the vendor security update referenced in CVE-2021-30860's advisory. No specific KB/version is encoded yet — consult the linked MSRC/vendor URL.
3
Verify the fix per the vendor's published verification steps.
4
Document the remediation in your change ticket and re-scan with your vulnerability scanner to confirm closure.
PowerShell automationComing soon

No tested PowerShell script for this entry yet. We’re prioritising automation based on user demand.

References

CVE-2021-30860MSRC AdvisoryNVDVendor Advisory