CVE-2021-30963: 
macOS vulnerability analysis and mitigation

CVE-2021-30963 is a security vulnerability discovered in Apple's CoreAudio component affecting macOS Big Sur and Catalina operating systems. The vulnerability was disclosed and patched in December 2021 through Security Update 2021-008 Catalina and macOS Big Sur 11.6.2. The issue was discovered by JunDong Xie of Ant Security Light-Year Lab (Apple Support).

The vulnerability is classified as a buffer overflow issue in the CoreAudio component that was addressed with improved memory handling. The vulnerability has a CVSS 3.1 Base Score of 5.5 (MEDIUM) with a vector string of CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. It is categorized under CWE-120 (Buffer Copy without Checking Size of Input) (NVD).

When exploited, this vulnerability allows parsing of a maliciously crafted audio file to lead to disclosure of user information. The vulnerability primarily affects the confidentiality of user data, with no direct impact on system integrity or availability (Apple Support, NVD).

Apple has addressed this vulnerability by improving memory handling in CoreAudio. Users should update to Security Update 2021-008 Catalina or macOS Big Sur 11.6.2, depending on their operating system version. These updates were released on December 13, 2021 (Apple Support).