CVE-2021-1791: 
macOS vulnerability analysis and mitigation

CVE-2021-1791 is an out-of-bounds read vulnerability discovered in Apple's FairPlay component that could lead to the disclosure of kernel memory. The vulnerability was fixed in multiple Apple operating systems including macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4, released on January 26, 2021. The vulnerability was discovered by Junzhi Lu (@pwn0rz), Qi Sun and Mickey Jin of Trend Micro working with Trend Micro's Zero Day Initiative (Apple Security).

The vulnerability is classified as an out-of-bounds read issue in the FairPlay component that could expose kernel memory contents. The issue was addressed by Apple through improved input validation. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (MEDIUM) with vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, and a CVSS v2.0 base score of 7.1 (HIGH) with vector (AV:N/AC:M/Au:N/C:C/I:N/A:N) (NVD).

When exploited, this vulnerability allows a malicious application to disclose kernel memory contents, potentially exposing sensitive system information (Apple Security).

Apple has addressed this vulnerability by implementing improved input validation in the affected operating systems. Users should update to macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 or iPadOS 14.4 or later versions to mitigate this vulnerability (Apple Security).