CVE-2021-30661

CVSS 8.8 HIGH | EPSS 4.3% | KEV | CWE-416
In short

A memory management flaw in Safari and Apple systems allows attackers to execute arbitrary code by crafting malicious web content. This vulnerability was actively exploited in the wild.

Technical detail

Use-after-free vulnerability (CWE-416) in WebKit memory management. Attack vector is network-based through maliciously crafted web content; no user interaction beyond visiting a malicious site is required. Successful exploitation leads to arbitrary code execution in the context of the vulnerable application.

Summary generated and translated by AI from the official description.
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
