CVE-2021-30761
In short
A flaw in how iOS versions before 12.5.4 handle web content allows attackers to corrupt memory and run arbitrary code on your device. Simply visiting a malicious website can trigger this vulnerability, and Apple is aware of a report that it may have been actively exploited.
Technical detail
Memory corruption vulnerability (CWE-787, out-of-bounds write) in web content processing on iOS versions before 12.5.4. The attack vector is remote via maliciously crafted web content; no user interaction beyond normal browsing is required (loading the crafted content is what the CVSS vector rates as UI:R). Successful exploitation leads to arbitrary code execution with device privileges.
Summary generated and translated by AI from the official description.
A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Apple · iOS