CVE-2021-30697: 
macOS vulnerability analysis and mitigation

CVE-2021-30697 is a security vulnerability discovered in Apple's Heimdal component that was fixed in multiple Apple operating systems including tvOS 14.6, iOS 14.6 and iPadOS 14.6, macOS Big Sur 11.4, Security Update 2021-004 Mojave, Security Update 2021-003 Catalina, and watchOS 7.5, released on May 24, 2021. The vulnerability was identified as a logic issue that could allow a local user to leak sensitive user information (Apple Support).

The vulnerability was classified as a logic issue in the Heimdal component that was addressed with improved state management. It received a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N, indicating local access required, low attack complexity, low privileges required, no user interaction needed, and potential for high confidentiality impact (NVD).

The vulnerability could allow a local user to leak sensitive user information from the affected systems. The impact is primarily focused on confidentiality, with no direct impact on system integrity or availability (Apple Support).

Apple addressed this vulnerability by implementing improved state management in the Heimdal component. The fix was released in tvOS 14.6, iOS 14.6 and iPadOS 14.6, macOS Big Sur 11.4, Security Update 2021-004 Mojave, Security Update 2021-003 Catalina, and watchOS 7.5. Users should update their devices to these versions or later to mitigate the vulnerability (Apple Support).