CVE-2021-30772: 
macOS vulnerability analysis and mitigation

CVE-2021-30772 is a security vulnerability discovered in macOS that was fixed in macOS Big Sur 11.5. The vulnerability was identified in the CoreServices component of macOS operating systems, including macOS Big Sur, Catalina, and Mojave (Apple Advisory, NVD). The vulnerability was discovered by Zhongcheng Li (CK01) and disclosed to Apple, who addressed it in July 2021.

The vulnerability is characterized by insufficient checks in the CoreServices component that could allow privilege escalation. It received a CVSS v3.1 base score of 7.8 (HIGH) with vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access requirements with user interaction needed (NVD). The issue was addressed by Apple through improved validation checks in the system.

If exploited, this vulnerability allows a malicious application to gain root privileges on the affected system. This means an attacker could potentially execute arbitrary code with the highest system privileges, leading to complete system compromise (Apple Advisory).

Apple addressed this vulnerability in macOS Big Sur 11.5, Security Update 2021-004 Catalina, and Security Update 2021-005 Mojave. Users should update their systems to these or later versions to protect against this vulnerability (Apple Advisory, Apple Catalina, Apple Mojave).