CVE-2021-30883

CVSS 7.8 HIGH | EPSS 14.7% | KEV | CWE-787

In short

A memory corruption flaw in Apple's operating systems allows malicious apps to run harmful code with the highest system privileges. This is a critical vulnerability because it gives attackers full control over your device, and Apple confirms it was being actively exploited.

Technical detail

Memory corruption vulnerability (CWE-787) in iOS, iPadOS, macOS, tvOS, and watchOS allows a local application to achieve kernel-level code execution through improper memory handling. The vulnerability affects multiple OS versions and was actively exploited in the wild prior to patching; privilege escalation to kernel context enables complete system compromise.

Summary generated and translated by AI from the official description.
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
