Main Vulnerability Database Vulnerabilities #VU60666

Permissions, Privileges, and Access Controls in macOS - CVE-2021-30756

Published: February 16, 2022

Vulnerability identifier: #VU60666

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2021-30756

CWE-ID: CWE-264

Exploitation vector: Local access

Exploit availability: No public exploit available

Vendor: Apple Inc.

Affected software:
macOS

Detailed vulnerability description

The vulnerability allows a attacker to escalate privileges on the system.

The vulnerability exists due to improper permission check in the in Now Playing feature within the MediaRemote subsystem. An attacker with physical access to the system can observe Now Playing information from the lock screen.

How to mitigate CVE-2021-30756

Install updates from vendor's website.

Sources

https://support.apple.com/en-us/HT212529

Permissions, Privileges, and Access Controls in macOS - CVE-2021-30756

Detailed vulnerability description

How to mitigate CVE-2021-30756

Sources

Please verify you're human