CVE-2021-30746: 
macOS vulnerability analysis and mitigation

CVE-2021-30746 is an out-of-bounds read vulnerability discovered in Apple's Model I/O component that was fixed in May 2021. The vulnerability affects multiple Apple operating systems including macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. When processing a maliciously crafted USD file, the vulnerability could lead to disclosure of memory contents (Apple Security).

The vulnerability is classified as an out-of-bounds read issue (CWE-125) that was addressed by Apple through improved input validation. The CVSS v3.1 base score is 5.5 (Medium) with the following vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. This indicates local access is required, low attack complexity, no privileges required, user interaction required, scope unchanged, high confidentiality impact, and no impact to integrity or availability (NVD).

The primary impact of this vulnerability is the potential disclosure of memory contents when processing maliciously crafted USD files. This could lead to information leakage and exposure of sensitive data from the affected system's memory (Apple Security).

Apple has addressed this vulnerability by implementing improved input validation in the following updates: macOS Big Sur 11.4, Security Update 2021-003 Catalina, Security Update 2021-004 Mojave, iOS 14.6 and iPadOS 14.6. Users should update their systems to these versions or later to mitigate the vulnerability (Apple Security).