CVE-2021-1736: 
macOS vulnerability analysis and mitigation

CVE-2021-1736 is an out-of-bounds read vulnerability discovered in Apple's ImageIO component that affects macOS operating systems. The vulnerability was fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, and Security Update 2021-001 Mojave, with the patch being released on February 1, 2021. The vulnerability was discovered by Xingwei Lin of Ant Security Light-Year Lab (Apple Advisory).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) in the ImageIO component. It received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access vector, low attack complexity, no privileges required, and user interaction required. The vulnerability was addressed by implementing improved input validation (NVD).

Processing a maliciously crafted image may lead to arbitrary code execution on affected systems. The vulnerability affects multiple versions of macOS including Big Sur (versions before 11.2), Catalina (10.15.7), and Mojave (10.14.6) (Apple Advisory).

Apple addressed this vulnerability by implementing improved input validation in macOS Big Sur 11.2, Security Update 2021-001 Catalina, and Security Update 2021-001 Mojave. Users are advised to update their systems to these versions or later to mitigate the vulnerability (Apple Advisory).