// For flags

CVE-2021-30858

Apple iOS, iPadOS, macOS Use-After-Free Vulnerability

Severity Score

8.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

0
*Multiple Sources

Exploited in Wild

Yes
*KEV

Decision

-
*SSVC
Descriptions

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Se ha solucionado un problema de uso después de la liberación con una mejor gestión de la memoria. Este problema se ha solucionado en iOS 14.8 y iPadOS 14.8, macOS Big Sur 11.6. El procesamiento de contenido web malicioso puede conducir a la ejecución de código arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente.

A flaw was found in webkitgtk. This flaw could allow an attacker to use maliciously crafted web content leading to arbitrary code execution.

Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2021-04-13 CVE Reserved
  • 2021-08-24 CVE Published
  • 2021-11-03 Exploited in Wild
  • 2021-11-17 KEV Due Date
  • 2024-07-30 EPSS Updated
  • 2024-08-03 CVE Updated
  • ---------- First Exploit
CWE
  • CWE-416: Use After Free
CAPEC
References (20)
URL Tag Source
http://seclists.org/fulldisclosure/2021/Sep/25 Mailing List
http://seclists.org/fulldisclosure/2021/Sep/27 Mailing List
http://seclists.org/fulldisclosure/2021/Sep/29 Mailing List
http://seclists.org/fulldisclosure/2021/Sep/38 Mailing List
http://seclists.org/fulldisclosure/2021/Sep/39 Mailing List
http://seclists.org/fulldisclosure/2021/Sep/50 Mailing List
http://www.openwall.com/lists/oss-security/2021/09/20/1 Mailing List
http://www.openwall.com/lists/oss-security/2021/10/26/9 Mailing List
http://www.openwall.com/lists/oss-security/2021/10/27/1 Mailing List
http://www.openwall.com/lists/oss-security/2021/10/27/2 Mailing List
http://www.openwall.com/lists/oss-security/2021/10/27/4 Mailing List
https://support.apple.com/en-us/HT212804 X_refsource_misc
https://support.apple.com/en-us/HT212807 X_refsource_misc
https://support.apple.com/kb/HT212824 X_refsource_confirm
URL Date SRC
URL Date SRC
URL Date SRC
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W 2023-11-07
https://www.debian.org/security/2021/dsa-4975 2023-11-07
https://www.debian.org/security/2021/dsa-4976 2023-11-07
https://access.redhat.com/security/cve/CVE-2021-30858 2022-01-11
https://bugzilla.redhat.com/show_bug.cgi?id=2006099 2022-01-11
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Apple
Search vendor "Apple"
 Ipados
Search vendor "Apple" for product "Ipados"
 >= 13.1 < 14.8
Search vendor "Apple" for product "Ipados" and version " >= 13.1 < 14.8"
-
Affected
Apple
Search vendor "Apple"
 Iphone Os
Search vendor "Apple" for product "Iphone Os"
 < 12.5.5
Search vendor "Apple" for product "Iphone Os" and version " < 12.5.5"
-
Affected
Apple
Search vendor "Apple"
 Iphone Os
Search vendor "Apple" for product "Iphone Os"
 >= 13.0 < 14.8
Search vendor "Apple" for product "Iphone Os" and version " >= 13.0 < 14.8"
-
Affected
Apple
Search vendor "Apple"
 Macos
Search vendor "Apple" for product "Macos"
 < 11.6
Search vendor "Apple" for product "Macos" and version " < 11.6"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 33
Search vendor "Fedoraproject" for product "Fedora" and version "33"
-
Affected
Fedoraproject
Search vendor "Fedoraproject"
 Fedora
Search vendor "Fedoraproject" for product "Fedora"
 34
Search vendor "Fedoraproject" for product "Fedora" and version "34"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 10.0
Search vendor "Debian" for product "Debian Linux" and version "10.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 11.0
Search vendor "Debian" for product "Debian Linux" and version "11.0"
-
Affected