CVE-2021-1867: 
macOS vulnerability analysis and mitigation

CVE-2021-1867 is a security vulnerability discovered in Apple's operating systems that was fixed in iOS 14.5, iPadOS 14.5, and macOS Big Sur 11.3, released on April 26, 2021. The vulnerability was identified as an out-of-bounds read issue in the Apple Neural Engine component (Apple Support, Apple Support). The vulnerability was discovered by Zuozhi Fan (@pattern_F_) and Wish Wu of Ant Group Tianqiong Security Lab.

The vulnerability is classified as an out-of-bounds read issue (CWE-125) that was addressed with improved input validation. The vulnerability has a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, and a CVSS v2.0 base score of 9.3 (HIGH) with the vector (AV:N/AC:M/Au:N/C:C/I:C/A:C) (NVD).

A malicious application exploiting this vulnerability may be able to execute arbitrary code with kernel privileges. This means an attacker could potentially gain complete control over the affected device, accessing sensitive data and performing unauthorized operations with the highest system privileges (Apple Support).

Apple addressed this vulnerability by improving input validation in iOS 14.5, iPadOS 14.5, and macOS Big Sur 11.3. Users should update their devices to these versions or later to protect against this vulnerability (Apple Support, Apple Support).