CVE-2021-30663
Vexday Risk Score: 51 (Attention)
SSVC decision (CISA): Act (exploitation + impact → act immediately)
CVSS 7.8 · EPSS 3.5% · KEV: yes · PoC: — · Nuclei: — · Metasploit: — · Patch: —
Lifecycle
08 Sep 2021: Published on NVD
03 Nov 2021: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A vulnerability in how Apple devices handle large numbers in web content can cause the system to crash or run malicious code. It is triggered when a specially crafted website exploits the way the device calculates with these large numbers.
Technical detail
An integer overflow vulnerability in web content processing allows remote code execution through crafted input that exceeds integer bounds. The attack requires user interaction (viewing malicious web content); the overflow leads to memory corruption and arbitrary code execution.
Summary generated and translated by AI from the official description.
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.
CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Apple · macOS