CVE-2021-30691: 
macOS vulnerability analysis and mitigation

An information disclosure vulnerability (CVE-2021-30691) was discovered in Apple's Model I/O component that affects multiple Apple operating systems including macOS Big Sur, Catalina, Mojave, iOS 14.6 and iPadOS 14.6. The vulnerability was discovered by Mickey Jin (@patch1t) of Trend Micro and was fixed in May 2021 with the release of macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6 (Apple Support).

The vulnerability is related to processing maliciously crafted USD files which could lead to memory contents disclosure. The issue was addressed by improving state management in the Model I/O component. The vulnerability has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (NVD).

When exploited, this vulnerability could allow an attacker to disclose memory contents through processing a maliciously crafted USD file. The vulnerability affects multiple versions of Apple's operating systems including iOS, iPadOS, and various versions of macOS (Apple Support).

Apple has released security updates to address this vulnerability in multiple operating system versions. Users should update to macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 or iPadOS 14.6 to mitigate this vulnerability (Apple Support).