CVE-2021-1747: 
macOS vulnerability analysis and mitigation

CVE-2021-1747 is a security vulnerability discovered in Apple's CoreAudio component. The vulnerability was disclosed and patched in January 2021, affecting multiple Apple operating systems including iOS 14.4, iPadOS 14.4, macOS Big Sur 11.2, watchOS 7.3, and tvOS 14.4. The vulnerability was discovered by JunDong Xie of Ant Security Light-Year Lab (Apple Security).

The vulnerability is classified as an out-of-bounds write issue in the CoreAudio component. According to the National Vulnerability Database, it has a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability was addressed by Apple through improved input validation (NVD).

When exploited, this vulnerability could allow processing of maliciously crafted web content to lead to code execution. This means an attacker could potentially execute arbitrary code on the affected system through specially crafted web content (Apple Security).

Apple addressed this vulnerability in the following software updates: iOS 14.4, iPadOS 14.4, macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, and tvOS 14.4. Users should update their devices to these versions or later to protect against this vulnerability (Apple Security).