CVE-2021-30695: 
macOS vulnerability analysis and mitigation

CVE-2021-30695 is an out-of-bounds read vulnerability discovered in Apple's Model I/O component that affects multiple Apple operating systems including macOS Big Sur, Catalina, Mojave, iOS 14.6 and iPadOS 14.6. The vulnerability was discovered by Mickey Jin (@patch1t) and Junzhi Lu (@pwn0rz) of Trend Micro and was fixed in May 2021 with the release of macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6 (Apple Support).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) that occurs when processing maliciously crafted USD files. The vulnerability has a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. The issue was addressed by implementing improved bounds checking in the affected systems (NVD).

When exploited, this vulnerability may lead to the disclosure of memory contents when processing a maliciously crafted USD file. This could potentially expose sensitive information stored in memory to attackers (Apple Support).

Apple has addressed this vulnerability by implementing improved bounds checking in the following updates: macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Users are advised to update their systems to these versions or later to mitigate the vulnerability (Apple Support).