CVE-2021-30803: 
macOS vulnerability analysis and mitigation

A permissions issue was discovered in macOS Big Sur affecting Identity Services that could allow a malicious application to access a user's recent Contacts. This vulnerability (CVE-2021-30803) was fixed in macOS Big Sur 11.5, which was released on July 21, 2021. The vulnerability was discovered by Matt Shockley and Csaba Fitzl of Offensive Security (Apple Advisory).

The vulnerability has been assigned a CVSS v3.1 Base Score of 3.3 (LOW) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:L/I:N/A:N. This indicates that the vulnerability requires local access and user interaction to exploit, with potential impact limited to confidentiality breaches. The underlying cause was identified as a permissions validation issue in the Identity Services component (NVD Database).

If exploited, this vulnerability would allow a malicious application to gain unauthorized access to a user's recent Contacts data, potentially compromising user privacy and contact information (Apple Advisory).

Apple addressed this vulnerability by improving validation in the permissions system. Users are advised to update to macOS Big Sur 11.5 or later to receive the fix (Apple Advisory).