CVE-2021-1811: 
macOS vulnerability analysis and mitigation

CVE-2021-1811 is a logic vulnerability discovered in Apple's CoreText component that affects multiple Apple products. The vulnerability was fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. The vulnerability was discovered by Xingwei Lin of Ant Security Light-Year Lab (Apple Advisory).

The vulnerability is a logic issue in CoreText that occurs when processing maliciously crafted fonts. The issue could result in the disclosure of process memory due to improper state management. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (Medium) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (NVD).

When exploited, this vulnerability allows an attacker to disclose process memory by processing a maliciously crafted font. This could potentially lead to exposure of sensitive information stored in the application's memory (Apple Advisory).

Apple has addressed this vulnerability by improving state management in the affected components. Users are advised to update to the following versions: iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5 (Apple Advisory).