CVE-2021-30687: 
macOS vulnerability analysis and mitigation

An out-of-bounds read vulnerability (CVE-2021-30687) was discovered in Apple's ImageIO component. The vulnerability affects multiple Apple operating systems including tvOS 14.6, iOS 14.6, iPadOS 14.6, macOS Big Sur 11.4, Security Update 2021-004 Mojave, Security Update 2021-003 Catalina, and watchOS 7.5. The issue was discovered by Hou JingYi of Qihoo 360 and was addressed by Apple with improved bounds checking (Apple Support).

The vulnerability is classified as an out-of-bounds read issue in the ImageIO component. When processing a maliciously crafted image, the vulnerability could lead to disclosure of user information. The issue was addressed by implementing improved bounds checking. The vulnerability has a CVSS v3.1 base score of 5.5 (MEDIUM) with a vector string of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (NVD).

The primary impact of this vulnerability is the potential disclosure of user information when processing maliciously crafted images. The vulnerability affects the confidentiality of user data but does not appear to impact system integrity or availability (Apple Support).

Apple has addressed this vulnerability in the following updates: tvOS 14.6, iOS 14.6 and iPadOS 14.6, macOS Big Sur 11.4, Security Update 2021-004 Mojave, Security Update 2021-003 Catalina, and watchOS 7.5. Users should update their devices to these versions to mitigate the vulnerability (Apple Support).