CVE-2021-1754: 
macOS vulnerability analysis and mitigation

CVE-2021-1754 is a security vulnerability that affects multiple Apple operating systems including macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. The vulnerability was discovered by Xingwei Lin of Ant Security Light-Year Lab and was fixed in updates released on January 26, 2021. Processing a maliciously crafted image may lead to arbitrary code execution (Apple Security).

The vulnerability exists in the ImageIO component of affected Apple operating systems. This issue was addressed with improved checks to prevent arbitrary code execution. The vulnerability has a CVSS v3.1 Base Score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If exploited, this vulnerability could allow an attacker to execute arbitrary code on the affected system through processing of a maliciously crafted image. This could potentially lead to unauthorized access and compromise of user information (Apple Security).

Apple has addressed this vulnerability in the following updates: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Users are advised to update their systems to the latest versions to protect against this vulnerability (Apple Security).