A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release..
References
Link | Resource |
---|---|
https://support.apple.com/en-us/HT212804 | Vendor Advisory |
https://support.apple.com/en-us/HT212805 | Vendor Advisory |
https://support.apple.com/en-us/HT212806 | Vendor Advisory |
https://support.apple.com/en-us/HT212807 | Vendor Advisory |
https://support.apple.com/en-us/HT212824 | Vendor Advisory |
https://support.apple.com/en-us/HT212804 | Vendor Advisory |
https://support.apple.com/en-us/HT212805 | Vendor Advisory |
https://support.apple.com/en-us/HT212806 | Vendor Advisory |
https://support.apple.com/en-us/HT212807 | Vendor Advisory |
https://support.apple.com/en-us/HT212824 | Vendor Advisory |
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-31010 |
Configurations
Configuration 1 (hide)
|
History
22 Oct 2025, 00:17
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Oct 2025, 20:18
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Oct 2025, 19:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
Information
Published : 2021-08-24 19:15
Updated : 2025-10-22 00:17
NVD link : CVE-2021-31010
Mitre link : CVE-2021-31010
CVE.ORG link : CVE-2021-31010
JSON object : View
Products Affected
apple
- watchos
- iphone_os
- macos
- ipados
- mac_os_x
CWE
CWE-502
Deserialization of Untrusted Data