### [CVE-2021-30975](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30975)
![](https://img.shields.io/static/v1?label=Product&message=macOS&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2011.6%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3C%2012.1%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Version&message=%3C%202021%20&color=brighgreen)
![](https://img.shields.io/static/v1?label=Vulnerability&message=A%20malicious%20OSAX%20scripting%20addition%20may%20bypass%20Gatekeeper%20checks%20and%20circumvent%20sandbox%20restrictions&color=brighgreen)

### Description

This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary. This issue is fixed in macOS Monterey 12.1, Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions.

### POC

#### Reference
No PoCs from references.

#### Github
- https://github.com/ARPSyndicate/cvemon
- https://github.com/houjingyi233/macOS-iOS-system-security