CVE-2021-30950: 
macOS vulnerability analysis and mitigation

CVE-2021-30950 is a security vulnerability discovered in Apple's macOS operating systems that was disclosed and patched in December 2021. The vulnerability affects macOS Monterey, Big Sur, and Catalina versions. It is characterized as a logic issue in the Archive Utility component that could allow a malicious application to bypass Gatekeeper checks (Apple Monterey, Apple Big Sur, Apple Catalina).

The vulnerability is a logic issue in the Archive Utility component that was addressed with improved state management. It has been assigned a CVSS v3.1 base score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, indicating local access is required and user interaction is needed (NVD).

When exploited, this vulnerability allows a malicious application to bypass Gatekeeper checks, which is a security feature in macOS that helps ensure only trusted software runs on a user's Mac. This could potentially allow unauthorized applications to execute without proper security verification (Apple Monterey).

Apple has addressed this vulnerability by releasing security updates for affected operating systems: macOS Monterey 12.1, Security Update 2021-008 Catalina, and macOS Big Sur 11.6.2. Users should update their systems to these versions or later to mitigate the vulnerability (Apple Monterey, Apple Big Sur, Apple Catalina).

The vulnerability was discovered and reported by security researcher @gorelics. Apple acknowledged the researcher's contribution in their security advisory documentation (Apple Monterey).