CVE-2021-30701: 
macOS vulnerability analysis and mitigation

CVE-2021-30701 is a security vulnerability affecting Apple's ImageIO component that was disclosed and patched in May 2021. The vulnerability was discovered by Mickey Jin of Trend Micro and Ye Zhang of Baidu Security. The issue affects multiple Apple operating systems including tvOS 14.6, iOS 14.6, iPadOS 14.6, macOS Big Sur 11.4, Security Update 2021-003 Catalina, and watchOS 7.5 (Apple Support).

The vulnerability exists in the ImageIO component and involves processing maliciously crafted images that could lead to arbitrary code execution. The issue was addressed with improved checks in the affected systems. The vulnerability has a CVSS v3.1 Base Score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

When exploited, this vulnerability could allow processing of a maliciously crafted image to lead to arbitrary code execution on the affected system. This means an attacker could potentially execute malicious code with the privileges of the user running the application that processes the crafted image (Apple Support).

Apple has addressed this vulnerability by implementing improved checks in the following software updates: tvOS 14.6, iOS 14.6 and iPadOS 14.6, Security Update 2021-003 Catalina, macOS Big Sur 11.4, and watchOS 7.5. Users should update their devices to these versions or later to protect against this vulnerability (Apple Support).