CVE-2021-30762
Vexday Risk Score
56 Attention
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.8 · EPSS 11.1% · KEV yes · PoC — · Nuclei — · Metasploit — · Patch —
Lifecycle
08 Sep 2021: Published on NVD
03 Nov 2021: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short
A memory management flaw in iOS allows attackers to execute arbitrary code by processing malicious web content. This vulnerability was actively exploited in the wild.
Technical detail
Use-after-free vulnerability in iOS web content processing, fixed in iOS 12.5.4, allows remote code execution via crafted web content without user interaction beyond viewing. The vulnerability stems from improper memory management after object deallocation, enabling arbitrary code execution in the context of the vulnerable process.
Summary generated and translated by AI from the official description.
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Apple · iOS