CVE-2021-1774: 
macOS vulnerability analysis and mitigation

CVE-2021-1774 is a security vulnerability affecting multiple Apple operating systems including macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. The vulnerability was discovered by Xingwei Lin of Ant Security Light-Year Lab and was fixed in updates released on January 26, 2021. The issue involves processing maliciously crafted images that could lead to arbitrary code execution (Apple Security).

The vulnerability exists in the ImageIO component of affected Apple operating systems. The issue was addressed with improved checks to prevent arbitrary code execution when processing maliciously crafted images. The vulnerability has a CVSS v3.1 Base Score of 7.8 (HIGH) with vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

If exploited, this vulnerability could allow processing of a maliciously crafted image to lead to arbitrary code execution on the affected system. This means an attacker could potentially execute malicious code with the privileges of the user running the application that processes the crafted image (Apple Security).

Apple has addressed this vulnerability by implementing improved checks in the affected operating systems. Users should update to macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 or iPadOS 14.4 or later versions to protect against this vulnerability (Apple Security).