CVE-2021-31010

CVE Database · CVE-2021-31010

CVE-2021-31010

· HIGHAnalyzed

CVSS v3.1

7.5

EPSS

3.67%

Published

Aug 24, 2021

Modified

Oct 23, 2025

CISA Known Exploited Vulnerability

Added: 2022-08-25 · Due: 2022-09-15

Apply updates per vendor instructions.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release..

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Weaknesses (CWE)

CWE-502CWE-502

Affected Products (22)

apple · ipados (up to 14.8)vulnerable

apple · iphone_os (up to 12.5.5)vulnerable

apple · iphone_os (up to 14.8)vulnerable

apple · mac_os_x (up to 10.15.7)vulnerable

apple · mac_os_xvulnerable