CVE-2021-30668: 
macOS vulnerability analysis and mitigation

CVE-2021-30668 is a security vulnerability discovered in macOS Big Sur's Software Update component. The vulnerability was disclosed and fixed in macOS Big Sur 11.4, released on May 24, 2021. The issue affects macOS Big Sur versions prior to 11.4, where a person with physical access to a Mac could potentially bypass the Login Window during a software update (Apple Advisory).

The vulnerability is classified as an authentication bypass issue (CWE-287) with a CVSS v3.1 base score of 4.6 (Medium). The attack requires physical access (AV:P) with low attack complexity (AC:L), needs no privileges (PR:N), and requires no user interaction (UI:N). The scope is unchanged (S:U), with no impact on confidentiality (C:N), high impact on integrity (I:H), and no impact on availability (A:N) (NVD).

The vulnerability allows a person with physical access to a Mac to bypass the Login Window specifically during a software update process. This could potentially lead to unauthorized access to the system during the update process (Apple Advisory).

Apple addressed this vulnerability by implementing improved checks in macOS Big Sur 11.4. Users should update their systems to macOS Big Sur 11.4 or later to protect against this vulnerability (Apple Advisory).