CVE-2021-1785: 
macOS vulnerability analysis and mitigation

CVE-2021-1785 is an out-of-bounds read vulnerability discovered in Apple's ImageIO component that was disclosed and patched in January 2021. The vulnerability affects multiple Apple operating systems including macOS Big Sur 11.2, macOS Catalina 10.15.7, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. The issue was discovered by Xingwei Lin of Ant Security Light-Year Lab and was addressed by Apple with improved input validation (Apple Security).

The vulnerability is classified as an out-of-bounds read issue in the ImageIO component that could be triggered when processing maliciously crafted images. The vulnerability has a CVSS v3.1 base score of 7.8 (HIGH) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

When exploited, processing a maliciously crafted image may lead to arbitrary code execution on the affected system. This could potentially allow attackers to execute malicious code with the privileges of the application processing the image (Apple Security).

Apple addressed this vulnerability by implementing improved input validation in the following security updates: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Users are advised to update their systems to these versions or later to protect against this vulnerability (Apple Security).