CVE-2021-30724: CVMServer Vulnerability in macOS and iOS

We discovered a vulnerability in macOS rooted in the Core Virtual Machine Server (CVMServer). The vulnerability, labeled CVE-2021-30724, is triggered by an integer overflow leading to an out-of-bounds memory access, from which point privilege escalation can be attained. It affects devices running older versions of macOS Big Sur 11.4, iOS 14.6, and iPadOS 14.6.

This issue has already been fixed by Apple at the time of writing. This blog entry details where we discovered the vulnerability and how it can be triggered.

Read more…
Source: Trend Micro