CVE-2021-30964: 
macOS vulnerability analysis and mitigation

CVE-2021-30964 is a security vulnerability discovered in Apple's operating systems that was fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2, and iPadOS 15.2, released on December 13, 2021. The vulnerability is related to an inherited permissions issue in the TCC (Transparency, Consent, and Control) component that could allow a malicious application to bypass Privacy preferences (Apple Support, Apple iOS).

The vulnerability stems from an inherited permissions issue in Apple's TCC (Transparency, Consent, and Control) system. The issue was addressed by implementing additional restrictions to prevent unauthorized access to privacy settings. The vulnerability has been assigned a CVSS 3.1 Base Score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N, indicating local access is required and user interaction is needed (NVD).

If exploited, this vulnerability could allow a malicious application to bypass Privacy preferences on affected Apple devices. This could potentially lead to unauthorized access to sensitive user information that would normally require explicit user permission to access (Apple Support).

Apple has addressed this vulnerability by implementing additional restrictions in the affected operating systems. Users should update their devices to macOS Monterey 12.1, watchOS 8.3, iOS 15.2, or iPadOS 15.2 or later versions to protect against this vulnerability. The fix was released as part of Apple's December 13, 2021 security updates (Apple Support).

The vulnerability was discovered and reported by Andy Grant of Zoom Video Communications, highlighting the ongoing security research efforts by major technology companies in identifying potential security issues in widely-used operating systems (Apple Support).