CVE-2021-1743: 
macOS vulnerability analysis and mitigation

CVE-2021-1743 is an out-of-bounds read vulnerability discovered in Apple's ImageIO component. The vulnerability was fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4, released in January/February 2021. The vulnerability was discovered by Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro's Zero Day Initiative, and Xingwei Lin of Ant Security Light-Year Lab (Apple Security).

The vulnerability is classified as an out-of-bounds read issue in the ImageIO component that was addressed with improved bounds checking. The vulnerability has a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is categorized under CWE-125 (Out-of-bounds Read) (NVD).

Processing a maliciously crafted image may lead to arbitrary code execution on affected systems. This could potentially allow attackers to execute unauthorized code and compromise the security of the system (Apple Security).

Apple has addressed this vulnerability by implementing improved bounds checking in the affected systems. Users should update to macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 or iPadOS 14.4 or later versions to protect against this vulnerability (Apple Security).