CVE-2021-1849: 
macOS vulnerability analysis and mitigation

CVE-2021-1849 is a security vulnerability discovered in Apple's code signature validation system that was fixed in multiple Apple operating systems including macOS Big Sur 11.3, iOS 14.5, iPadOS 14.5, watchOS 7.4, and tvOS 14.5, released on April 26, 2021. The vulnerability was discovered by security researcher Siguza (Apple Support).

The vulnerability existed in the AppleMobileFileIntegrity component and involved an issue in code signature validation that could allow malicious applications to bypass Privacy preferences. The issue was addressed by implementing improved checks in the affected systems. The vulnerability has a CVSS v3.1 base score of 7.5 (HIGH) with vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (NVD).

If exploited, this vulnerability could allow a malicious application to bypass Privacy preferences on affected systems, potentially leading to unauthorized access to private user information (Apple Support).

Apple addressed this vulnerability by implementing improved checks in the code signature validation system. Users should update their devices to macOS Big Sur 11.3, iOS 14.5, iPadOS 14.5, watchOS 7.4, or tvOS 14.5 or later versions to receive the security fix (Apple Support).