CVE-2021-1745: 
macOS vulnerability analysis and mitigation

CVE-2021-1745 is a security vulnerability discovered in Apple's Model I/O component that affects macOS Big Sur 11.0.1, macOS Catalina 10.15.7, macOS Mojave 10.14.6, iOS 14.4, and iPadOS 14.4. The vulnerability was fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4, released in early 2021. The issue was identified by Mickey Jin & Junzhi Lu of Trend Micro working with Trend Micro's Zero Day Initiative (Apple Support, NVD).

The vulnerability is characterized as an out-of-bounds read issue in the Model I/O component that was addressed with improved input validation. The severity of this vulnerability is rated as HIGH with a CVSS v3.1 Base Score of 7.8 (Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H) (NVD).

When exploited, processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution. This could potentially allow attackers to execute malicious code or cause system crashes (Apple Support).

Apple addressed this vulnerability by implementing improved input validation in the affected systems. Users should update to macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4, or iPadOS 14.4 to protect against this vulnerability (Apple Support).