CVE-2021-30858


CVSS 8.8 HIGH | EPSS 13.5% | ● KEV | CWE-416
Vexday Risk Score
76 (High priority)
SSVC decision (CISA)
Act
Exploitation + impact → act immediately
CVSS 8.8 | EPSS 13.5% | KEV: yes | Public PoC | Nuclei | Metasploit | Patch referenced
Lifecycle
24 Aug 2021: Published on NVD
14 Oct 2021: Public PoC
03 Nov 2021: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A memory vulnerability in Apple's WebKit allows attackers to execute arbitrary code by sending specially crafted web content to iPhones, iPads, or Macs. This flaw was actively exploited in the wild before the fix.

Technical detail

Use-after-free vulnerability in WebKit's memory management; triggered by processing maliciously crafted web content without requiring user interaction beyond viewing a webpage. Exploitation results in arbitrary code execution with the privileges of the affected process; patched in iOS 14.8, iPadOS 14.8, and macOS Big Sur 11.6.

Summary generated and translated by AI from the official description.
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
