CVE-2021-30756 in iOS
Summary
by MITRE • 09/08/2021
A local attacker may be able to view Now Playing information from the lock screen. This issue is fixed in macOS Big Sur 11.4, iOS 14.6 and iPadOS 14.6. A privacy issue in Now Playing was addressed with improved permissions.
Analysis
by VulDB Data Team • 09/11/2021
CVE-2021-30756 is a privacy weakness in Apple's operating systems that let a local attacker read the Now Playing information (track or episode title, artist, artwork) shown on the lock screen of a locked device. It affects macOS Big Sur before 11.4 and iOS and iPadOS before 14.6, the releases named in Apple's advisory. It is an information disclosure issue, not code execution: the only data exposed is media playback metadata, but that metadata can reveal content a user reasonably considers private.
Apple's advisory states only that "a privacy issue in Now Playing was addressed with improved permissions", so the root cause is a missing or insufficient permission check rather than a memory-safety bug. When an application plays media, the system surfaces the playback state on the lock screen for convenience; before the fix, that display did not correctly honour the restrictions meant to keep the information from someone who holds the locked device but cannot unlock it. This is a weakness in the platform's access control model, classified under CWE-284 (Improper Access Control); CWE-200 (Exposure of Sensitive Information to an Unauthorized Actor) describes the resulting impact. The exact check that was changed has not been published.
The operational impact is limited but real. The precondition is physical access to a locked device (Apple's "local attacker" wording), which rules out remote exploitation and bulk attacks. What an attacker with the device in hand learns is what the user is currently listening to or watching, which can disclose personal preferences, a sensitive podcast or audiobook, or details useful for social engineering. The lock screen exists precisely to enforce least privilege for an unauthenticated holder of the device, so any data it shows without authorization is a policy failure, even when the data itself is low value.
Apple addressed the issue in the security updates for macOS Big Sur 11.4 and iOS and iPadOS 14.6 by tightening the permissions that govern lock screen Now Playing display. Mapping this CVE to ATT&CK T1531 (Account Access Removal) or T1074 (Data Staged), as some databases do, does not fit: T1531 is an Impact technique about locking users out of accounts and T1074 is a Collection technique about aggregating data before exfiltration, and neither describes reading metadata off a locked device's screen. The accurate characterization is a local information disclosure with a physical-access precondition, and the remediation is simply restoring the access control boundary the lock screen is supposed to enforce.
Organizations and individual users should confirm affected devices run macOS Big Sur 11.4 or later and iOS or iPadOS 14.6 or later. Note that the advisory names only those releases; it does not list fixes for earlier macOS lines, so Macs that cannot run Big Sur should be treated as of unknown status rather than assumed patched. The fix is a reminder that lock screen conveniences such as widgets and playback controls are part of the device's trust boundary and need the same permission checks as any other path to user data.
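As an added example that is not part of the VulDB entry or Apple's advisory, the following Python script triages an MDM-style device inventory against the fixed versions named above. The inventory, device identifiers and platform labels are constructed for illustration; the version comparison is numeric rather than string-based so that releases such as 14.5.1 and 15.0.2 are ordered correctly, and macOS devices on a major version below 11 are reported as "not-covered" because the advisory says nothing about them.

```python
from typing import Dict, List, Tuple

# Fixed versions as stated in Apple's advisory text for CVE-2021-30756.
FIXED_VERSIONS: Dict[str, Tuple[int, ...]] = {
    "macos": (11, 4),
    "ios": (14, 6),
    "ipados": (14, 6),
}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '14.5.1' into (14, 5, 1).

    A trailing non-numeric suffix on a component (e.g. a beta marker)
    truncates parsing at that component; a string with no leading
    numeric component at all is rejected.
    """
    parts: List[int] = []
    for chunk in text.strip().split("."):
        digits = ""
        for ch in chunk:
            if ch.isdigit():
                digits += ch
            else:
                break
        if not digits:
            break
        parts.append(int(digits))
    if not parts:
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(parts)


def compare_versions(a: Tuple[int, ...], b: Tuple[int, ...]) -> int:
    """Return -1, 0 or 1. Missing trailing components count as 0,
    so (11, 4) and (11, 4, 0) compare equal."""
    width = max(len(a), len(b))
    a_padded = a + (0,) * (width - len(a))
    b_padded = b + (0,) * (width - len(b))
    return (a_padded > b_padded) - (a_padded < b_padded)


def assess_device(platform: str, version: str) -> str:
    """Classify one device as 'patched', 'vulnerable' or 'not-covered'."""
    key = platform.strip().lower().replace(" ", "")
    fixed = FIXED_VERSIONS.get(key)
    if fixed is None:
        # watchOS, tvOS etc. are not named in the advisory.
        return "not-covered"
    current = parse_version(version)
    # The advisory names only Big Sur 11.4 for macOS. Catalina and earlier
    # are not mentioned, so make no claim about them either way.
    if key == "macos" and current[0] < 11:
        return "not-covered"
    return "patched" if compare_versions(current, fixed) >= 0 else "vulnerable"


def triage(inventory: List[Dict[str, str]]) -> Dict[str, List[str]]:
    """Group device ids by patch status, preserving inventory order."""
    report: Dict[str, List[str]] = {"patched": [], "vulnerable": [], "not-covered": []}
    for device in inventory:
        report[assess_device(device["platform"], device["version"])].append(device["id"])
    return report


# Constructed sample export; these are not real devices.
SAMPLE_INVENTORY: List[Dict[str, str]] = [
    {"id": "iphone-01", "platform": "iOS", "version": "14.5.1"},
    {"id": "iphone-02", "platform": "iOS", "version": "14.6"},
    {"id": "iphone-03", "platform": "iOS", "version": "15.0.2"},
    {"id": "ipad-01", "platform": "iPadOS", "version": "14.4"},
    {"id": "mac-01", "platform": "macOS", "version": "11.3.1"},
    {"id": "mac-02", "platform": "macOS", "version": "11.4"},
    {"id": "mac-03", "platform": "macOS", "version": "10.15.7"},
    {"id": "mac-04", "platform": "macOS", "version": "12.0.1"},
    {"id": "watch-01", "platform": "watchOS", "version": "7.5"},
]

if __name__ == "__main__":
    for status, ids in triage(SAMPLE_INVENTORY).items():
        print(f"{status:12s} {', '.join(ids) if ids else '-'}")
```

Feed it a real export by replacing SAMPLE_INVENTORY with rows from your MDM (platform label and product version are the only fields needed); the "not-covered" bucket is the one to review by hand, since it deliberately refuses to guess.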