A critical out-of-bounds vulnerability, CVE-2021-44142, was disclosed in Samba versions prior to 4.13.17. It carries a CVSS score of 9.9 and allows remote code execution against a vulnerable configuration. The vulnerability was highlighted at the Pwn2Own Austin competition, where STAR Labs earned $45,000 for exploiting it on a Western Digital NAS device. It involves three flaws in the adouble.c file related to the vfs_fruit module, which enhances compatibility with Apple SMB clients. Exploitation requires specific conditions, such as the vfs_fruit module being enabled and shared resources having write permissions. Although the module is not loaded by default, some NAS devices enable it to support Apple clients. Samba has released patches in versions 4.13.17, 4.14.12, and 4.15.5 to address the issue; mitigation includes removing the vfs_fruit module from configurations or ensuring stringent access controls.
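
A defensive audit for the conditions and fixed releases described above, as an added example that is not code from Samba or from the original page: it parses smb.conf text, reports shares that load vfs_fruit and allow writes, and checks a version string against 4.13.17, 4.14.12 and 4.15.5. The function names, the sample configuration and the treatment of branches outside 4.13 to 4.15 are assumptions of this example.

```python
import re

# Fixed releases named in the text above, keyed by (major, minor) branch.
FIXED = {(4, 13): 17, (4, 14): 12, (4, 15): 5}

def is_patched(version):
    """True if a Samba version string is at or past the fix for its branch."""
    major, minor, patch = map(int, re.match(r"(\d+)\.(\d+)\.(\d+)", version).groups())
    if (major, minor) in FIXED:
        return patch >= FIXED[(major, minor)]
    # Assumption: branches older than 4.13 got no fix; newer ones ship with it.
    return (major, minor) > max(FIXED)

def _truthy(value):
    return value.strip().lower() in ("yes", "true", "on", "1")

def parse_conf(text):
    """Parse smb.conf text into {section: {param: value}} (no include/continuation support)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = re.sub(r"\s+", "", key).lower()  # names ignore case and spaces
            if key in ("writable", "writeable", "writeok"):  # inverted synonyms
                key, value = "readonly", ("no" if _truthy(value) else "yes")
            current["vfsobjects" if key == "vfsobject" else key] = value.strip()
    return sections

def exposed_shares(text):
    """Shares that load vfs_fruit and allow writes, the conditions listed above."""
    conf = parse_conf(text)
    hits = []
    for name, params in conf.items():
        eff = {**conf.get("global", {}), **params}  # share settings override [global]
        fruit = "fruit" in re.split(r"[,\s]+", eff.get("vfsobjects", "").lower())
        if name != "global" and fruit and not _truthy(eff.get("readonly", "yes")):
            hits.append(name)
    return sorted(hits)

# Constructed sample configuration, not taken from any real device.
SAMPLE = ("[global]\nvfs objects = catia fruit streams_xattr\n"
          "[timemachine]\nread only = no\n"
          "[media]\npath = /srv/media\n"
          "[scratch]\nvfs objects = acl_xattr\nwritable = yes\n")
```

On the sample, only `timemachine` is reported: `media` inherits the module but stays read-only by default, and `scratch` is writable but overrides `vfs objects` without fruit.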