CVE-2021-30692: 
macOS vulnerability analysis and mitigation

CVE-2021-30692 is an information disclosure vulnerability discovered in Apple's Model I/O component that affects multiple Apple operating systems including macOS Big Sur, Catalina, Mojave, iOS 14.6 and iPadOS 14.6. The vulnerability was disclosed and patched by Apple in May 2021. When processing a maliciously crafted USD file, the vulnerability could allow disclosure of memory contents (Apple Support, NVD).

The vulnerability stems from an information disclosure issue in the Model I/O component that was addressed with improved state management. It has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. The vulnerability requires user interaction to process a maliciously crafted USD file, which could then lead to memory content disclosure (NVD).

The vulnerability allows an attacker to disclose memory contents through a maliciously crafted USD file. This could potentially expose sensitive information stored in memory at the time of exploitation (Apple Support).

Apple has released patches for this vulnerability in the following updates: macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Users are advised to update to these versions to mitigate the vulnerability (Apple Support).