CVE-2021-30665
In short
A memory corruption flaw in Apple devices allows attackers to run malicious code by tricking users into viewing specially crafted web content. This is a serious vulnerability, and Apple is aware of a report that it may have been actively exploited.
Technical detail
Out-of-bounds memory write vulnerability (CWE-787) in web content processing on Apple platforms (iOS, macOS, watchOS, tvOS). The attack vector is network-based and requires user interaction: the victim must view malicious web content. Exploitation leads to arbitrary code execution with the privileges of the affected application. Apple addressed the issue through improved state management in the OS versions listed in the official description below.
Summary generated and translated by AI from the official description.
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Apple · macOS