#VU53442 Input validation error in macOS - CVE-2021-30713 

 


Published: May 24, 2021 / Updated: October 5, 2021


Vulnerability identifier: #VU53442
Vulnerability risk: Medium
CVSSv4.0: CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:A/U:Green
CVE-ID: CVE-2021-30713
CWE-ID: CWE-20
Exploitation vector: Local access
Exploit availability: The vulnerability is being exploited in the wild
Vulnerable software: macOS
Software vendor: Apple Inc.

Description

The vulnerability allows a local user to bypass Privacy preferences.

The vulnerability exists due to insufficient validation of user-supplied input within the TCC subsystem. A malicious application can bypass Privacy preferences and gain full disk access, perform screen recording, or gain other permissions without requiring the user's explicit consent.

Note: the vulnerability is being actively exploited in the wild by XCSSET malware.


Remediation

Install updates from the vendor's website.

External links