CVE-2021-30685: 
macOS vulnerability analysis and mitigation

CVE-2021-30685 is an audio file parsing vulnerability that was discovered in Apple's operating systems. The issue was fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, and watchOS 7.5, released on May 24, 2021. The vulnerability could allow parsing of maliciously crafted audio files to lead to disclosure of user information (Apple Support).

The vulnerability was addressed by implementing improved checks in the audio parsing functionality. It has a CVSS v3.1 Base Score of 5.5 (MEDIUM) with vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. The vulnerability requires local access and user interaction, but could lead to high confidentiality impact without affecting integrity or availability (NVD).

When successfully exploited, the vulnerability could lead to disclosure of user information through parsing of maliciously crafted audio files. The vulnerability affects multiple Apple operating systems including iOS, iPadOS, macOS, tvOS and watchOS (Apple Support).

Apple addressed this vulnerability by releasing security updates across their affected operating systems. Users should update to tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, or watchOS 7.5 depending on their device (Apple Support).