CVE-2021-1773: 
macOS vulnerability analysis and mitigation

CVE-2021-1773 is a logic vulnerability discovered in Apple's ImageIO component that was disclosed and patched in January 2021. The vulnerability affects multiple Apple operating systems including macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. The issue was discovered by Xingwei Lin of Ant Security Light-Year Lab (Apple Security).

The vulnerability is characterized as a logic issue in the ImageIO component that could lead to a denial of service condition when processing maliciously crafted images. Apple addressed this vulnerability by improving state management in the affected systems (NVD). The vulnerability received a CVSS v3.1 base score of 5.5 (Medium) with vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H (NVD).

When exploited, this vulnerability could allow an attacker to cause a denial of service condition through processing a maliciously crafted image. The impact is limited to service disruption, with no reported capability for code execution or information disclosure (Apple Security).

Apple has released security updates to address this vulnerability across multiple platforms: iOS 14.4 and iPadOS 14.4 for iPhone 6s and later, iPad Pro, iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch 7th generation; macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave; watchOS 7.3 for Apple Watch Series 3 and later; and tvOS 14.4 for Apple TV 4K and Apple TV HD (Apple Security).