CVE-2021-1784: 
macOS vulnerability analysis and mitigation

A permissions issue was discovered in Apple's DiskArbitration component that affects macOS Big Sur, Catalina, and Mojave operating systems. The vulnerability (CVE-2021-1784) was addressed with the release of macOS Big Sur 11.3, Security Update 2021-002 Catalina, and Security Update 2021-003 Mojave on April 26, 2021. The vulnerability was discovered by Mikko Kenttälä of SensorFu, Csaba Fitzl of Offensive Security, and an anonymous researcher (Apple Security).

The vulnerability stems from a permissions issue in the DiskArbitration component of macOS. According to the security advisory, this vulnerability could allow a malicious application to modify protected parts of the file system. The issue was remediated by implementing additional ownership checks in the system. The vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N (NVD).

The vulnerability allows a malicious application to modify protected parts of the file system, potentially compromising system integrity and security. This could lead to unauthorized modifications of critical system files and potential privilege escalation (Apple Security).

Apple has released security updates to address this vulnerability in multiple versions of macOS. Users should update to macOS Big Sur 11.3, Security Update 2021-002 Catalina, or Security Update 2021-003 Mojave depending on their operating system version. These updates implement additional ownership checks to prevent unauthorized modifications to protected parts of the file system (Apple Security).