CVE-2021-30666

CVSS 8.8 HIGHEPSS 2.8%● KEVCWE-119

In short

A memory error in web content processing allowed attackers to run malicious code on iPhones and iPads. This flaw was actively being exploited before Apple fixed it in iOS 12.5.3.

Technical detail

Buffer overflow vulnerability in web content handler with CWE-119 (improper memory restriction) enabling arbitrary code execution. Attack vector is remote via maliciously crafted web content; pre-condition requires user to visit attacker-controlled or compromised website. Fixed through improved memory handling in iOS 12.5.3.

Summary generated and translated by AI from the official description.

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Affected products

Apple · iOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://support.apple.com/en-us/HT212341 https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30666