CVE-2021-30723: 
macOS vulnerability analysis and mitigation

CVE-2021-30723 is an information disclosure vulnerability discovered in Apple's Model I/O component that affects multiple Apple operating systems including macOS Big Sur, Catalina, Mojave, iOS 14.6 and iPadOS 14.6. The vulnerability was identified and reported by Mickey Jin of Trend Micro. When processing a maliciously crafted USD file, the vulnerability could lead to disclosure of memory contents (Apple Support).

The vulnerability stems from an information disclosure issue in the Model I/O component that was addressed with improved state management. The issue has a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access is required and user interaction is needed (NVD).

When exploited, the vulnerability allows processing of maliciously crafted USD files to disclose contents of memory. This could potentially lead to exposure of sensitive information stored in memory at the time of exploitation (Apple Support).

Apple has addressed this vulnerability by implementing improved state management in the following updates: macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Users are advised to update to these versions to mitigate the vulnerability (Apple Support).