CVE-2021-30983

CVSS 7.8 HIGH · EPSS 2.9% · KEV · CWE-120
Vexday Risk Score: 51 (Attention)
SSVC decision (CISA): Act
Exploitation + impact → act immediately
Lifecycle
24 Aug 2021: Published on NVD
27 Jun 2022: Active exploitation (CISA KEV)
Recommendation: Patch as soon as possible — active exploitation confirmed.
In short

A buffer overflow vulnerability in iOS and iPadOS allowed apps to write data beyond memory boundaries, potentially enabling them to run malicious code with kernel privileges. The flaw is rated high severity (CVSS 7.8) and could compromise device security and user data.

Technical detail

A stack-based or heap-based buffer overflow in iOS/iPadOS kernel-space code allowed local applications to write beyond allocated memory boundaries (CWE-120). Exploitation required a malicious app with code execution capability; successful exploitation could result in arbitrary code execution with kernel privileges, bypassing security controls.

Summary generated and translated by AI from the official description.
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges.
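CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (local attack vector, low attack complexity, no privileges required, user interaction required, scope unchanged, high impact on confidentiality, integrity and availability)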
Affected products
Apple · iOS and iPadOS