CVE-2021-1790: 
macOS vulnerability analysis and mitigation

CVE-2021-1790 is a security vulnerability discovered in Apple's FontParser component that affects multiple versions of macOS including Catalina 10.15.7. The vulnerability was disclosed and patched by Apple on February 1, 2021, as part of macOS Big Sur 11.2 and Security Update 2021-001 for Catalina and Mojave. The vulnerability was identified by Peter Nguyen Vu Hoang of STAR Labs (Apple Advisory).

The vulnerability is classified as an out-of-bounds read issue in the FontParser component. The vulnerability received a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue was addressed by Apple through improved input validation in the affected systems (NVD).

When exploited, the vulnerability could allow processing of maliciously crafted fonts to lead to arbitrary code execution on the affected system. This means an attacker could potentially execute malicious code with the privileges of the target application (Apple Advisory).

Apple addressed this vulnerability by releasing security updates in macOS Big Sur 11.2, Security Update 2021-001 Catalina, and Security Update 2021-001 Mojave. Users are advised to update their systems to these versions or later to mitigate the vulnerability (Apple Advisory).