CVE-2021-1757: 
macOS vulnerability analysis and mitigation

CVE-2021-1757 is an out-of-bounds read vulnerability discovered in Apple's IOSkywalkFamily component. The vulnerability was fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4, released in January/February 2021. The vulnerability was discovered by Pan ZhenPeng (@Peterpan0927) of Alibaba Security and Proteas (Apple Security Updates).

The vulnerability is classified as an out-of-bounds read issue in the IOSkywalkFamily component that was addressed with improved bounds checking. It has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H, indicating local access required with low attack complexity (NVD).

When exploited, this vulnerability allows a local attacker to elevate their privileges on the affected system. The out-of-bounds read could potentially lead to information disclosure or system compromise (Apple Security Updates).

Apple addressed this vulnerability by implementing improved bounds checking in the affected component. Users should update to macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 or iPadOS 14.4 or later versions to receive the fix (Apple Security Updates).