Security readout for executives and security teams
Plain-English summary
CVE-2021-30860 is an Apple vulnerability where opening or processing a malicious PDF could let an attacker run code on the device. Apple said it may have been actively exploited, and CISA lists it in KEV, so unmanaged or outdated Apple endpoints should be treated as urgent exposure.
Executive priority
Treat this as urgent patch governance, not routine backlog. The weakness enables code execution from a crafted PDF, affects common executive and mobile endpoints, and has credible exploitation evidence from Apple and CISA KEV.
Technical view
The issue is an integer overflow, mapped to CWE-190, reachable through maliciously crafted PDF processing. The CVSS 3.1 score is 7.8 with local attack vector and required user interaction, but successful exploitation can compromise confidentiality, integrity, and availability. Apple addressed it with improved input validation in listed security updates.
Likely exposure
Exposure is most likely on Apple devices not updated to Security Update 2021-005 Catalina, iOS 14.8, iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2, or later applicable fixes.
Exploitation context
Active exploitation is supported by Apple’s statement that it was aware of a report of exploitation and by CISA KEV inclusion. Sources do not provide safe operational detail about campaigns, targets, exploit chains, or current exploitation volume.
Researcher notes
The provided evidence supports affected Apple platforms and fixed release names, but not detailed root-cause internals, exploit mechanics, or current campaign activity. Avoid extrapolating affected non-Apple products from related JBIG2 references without separate vendor confirmation.
Mitigation direction
- Prioritize updates for affected Apple endpoints and watches.
- Confirm devices are at or beyond Apple’s fixed versions.
- Check Apple advisories for older supported device fixes.
- Reduce exposure to unsolicited PDF handling where patching is delayed.
- Track CISA KEV due-date handling if applicable.
Validation and detection
- Inventory macOS, iOS, iPadOS, and watchOS versions.
- Compare installed versions against Apple’s fixed releases.
- Identify devices unable to receive current security updates.
- Review MDM compliance for missing Apple security updates.
- Confirm PDF-opening risk controls on unpatched devices.
Public sources used
Generated from the cited source records. This long-tail analysis has not been individually reviewed by a named human.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CWE-190: Exact CWE lookup
Use the exact CWE identifier as the starting point before reviewing related ATT&CK behavior. Open the exact CWE lookup page first, then review the ATT&CK searches from that MITRE weakness context. This is a Glexia lookup hint, not an official ATT&CK mapping.
Open ATT&CK lookupExecution behavior lookup
The CVE wording references code or command execution, so execution technique review may help defensive triage. This is a Glexia inferred lookup path, not an official MITRE, ATT&CK, or CVE Program mapping.
Open ATT&CK lookupCVE-2021-30860 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- High
- CVSS
- 7.8 (3.1)
- Known Exploited
- Yes
- Published
Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CISA KEV status
CVSS vector scores
1 official scoreWe collect every scored CVSS vector available in the official CNA and ADP containers. When more than one version is present, the table keeps the source vectors side by side instead of collapsing them into the highest score.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H1.85.9Primary CVE scoreVulnerability scoring details
Base CVSS 3.1 score
7.8HighVector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Source materials
- CVE List V5 sourceCVE List V5
- https://support.apple.com/en-us/HT212804CVE reference · x_refsource_MISC
- https://support.apple.com/en-us/HT212805CVE reference · x_refsource_MISC
- https://support.apple.com/en-us/HT212807CVE reference · x_refsource_MISC
- https://support.apple.com/en-us/HT212806CVE reference · x_refsource_MISC
- https://support.apple.com/kb/HT212824CVE reference · x_refsource_CONFIRM
- GLSA-202209-21CVE reference · vendor-advisory, x_refsource_GENTOO
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30860CVE reference · government-resource
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
Integer Overflow or Wraparound
Integer Overflow or Wraparound represents a recurring weakness pattern that can create exploitable paths when design, validation, or implementation controls are missing.
