CVE-2021-30942: 
macOS vulnerability analysis and mitigation

CVE-2021-30942 is a memory corruption vulnerability discovered in Apple's ColorSync component that affects the processing of ICC profiles. The vulnerability was fixed in multiple Apple operating systems including macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, and watchOS 8.3, released in December 2021. The vulnerability was discovered by Mateusz Jurczyk of Google Project Zero (Apple Security, NVD).

The vulnerability is a memory corruption issue that occurs during the processing of ICC profiles in ColorSync. The issue was addressed by implementing improved input validation. The vulnerability has been assigned a CVSS v3.1 base score of 7.8 (HIGH) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H, indicating local access is required but no privileges are needed, and user interaction is required (NVD).

When exploited, this vulnerability could allow an attacker to execute arbitrary code on the target system by processing a maliciously crafted image. The successful exploitation could lead to complete compromise of the affected system, potentially allowing an attacker to gain the same privileges as the user processing the malicious image (Apple Security).

Apple has addressed this vulnerability by releasing security updates for affected operating systems. Users should update to macOS Big Sur 11.6.2, tvOS 15.2, macOS Monterey 12.1, Security Update 2021-008 Catalina, iOS 15.2 and iPadOS 15.2, or watchOS 8.3 depending on their device (Apple Security).