CVE-2021-30937: 
macOS vulnerability analysis and mitigation

CVE-2021-30937 is a memory corruption vulnerability in Apple's kernel that was disclosed and patched in December 2021. The vulnerability affects multiple Apple operating systems including macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, and watchOS 8.3 (Apple Support, Apple Support).

The vulnerability is a memory corruption issue in the kernel that was addressed with improved locking mechanisms. It has been assigned a CVSS 3.1 base score of 7.8 (HIGH) with vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD). The vulnerability was discovered by Sergei Glazunov of Google Project Zero (Apple Support).

If exploited, this vulnerability allows a malicious application to execute arbitrary code with kernel privileges. This means an attacker could gain complete control over the affected device with the highest system privileges (Apple Support, NVD).

Apple has released security updates to address this vulnerability across their affected operating systems. The fixes are included in macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, and watchOS 8.3. Users are advised to update their systems to these versions (Apple Support).