Lucene search
Mickey Jin (@patch1t) of Trend MicroZDI-22-360HistoryFeb 16, 2022 - 12:00 a.m.
Apple macOS fclonefileat Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability
2022-02-1600:00:00
Mickey Jin (@patch1t) of Trend Micro
www.zerodayinitiative.com
15
macos
privilege escalation
directory paths
time-of-check
time-of-use
code execution
EPSS
0.001
Percentile
48.7%
This vulnerability allows local attackers to escalate privileges on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the handling of directory paths. The code is subject to a time-of-check/time-of-use race condition when performing path validation. An attacker can leverage this vulnerability to escalate privileges from low integrity and execute code in the context of root.
References
Related
prion
prion
Race condition
2021-08-24 19:15:00
cve
cve
CVE-2021-30995
2021-08-24 19:15:24
cnvd
cnvd
Many Apple products competitive conditions problems vulnerability
2022-04-01 00:00:00
nvd
nvd
CVE-2021-30995
2021-08-24 19:15:24
cvelist
cvelist
CVE-2021-30995
2021-08-24 18:51:33
trendmicroblog
trendmicroblog
Analyzing an Old Bug and Discovering CVE-2021-30995
2022-01-14 00:00:00
apple
apple
About the security content of Security Update 2021-008 Catalina
2021-12-13 00:00:00
About the security content of tvOS 15.2
2021-12-13 00:00:00
About the security content of watchOS 8.3
2021-12-13 00:00:00
nessus
nessus
Apple TV < 19K53 Multiple Vulnerabilities (HT212980)
2024-06-14 00:00:00
macOS 11.x < 11.6.2 (HT212979)
2021-12-21 00:00:00
macOS 10.15.x < Catalina Security Update 2021-008 Catalina (HT212981)
2021-12-21 00:00:00
openvas
openvas
Apple Mac OS X Security Update (HT212979)
2022-03-17 00:00:00
Apple Mac OS X Security Update (HT212981)
2022-03-17 00:00:00
Apple Mac OS X Security Update (HT212978)
2022-03-17 00:00:00