← back
CVE-2021-30900

CVE-2021-30900

CVSS 7.8 HIGHEPSS 5.2%● KEVCWE-787
In short

A flaw in iOS and iPadOS allows a malicious app to write data outside the intended memory area, potentially letting it run harmful code with the highest system permissions. This is serious because it gives attackers complete control over your device.

Technical detail

An out-of-bounds write vulnerability in iOS/iPadOS memory handling allows a local malicious application to write beyond allocated buffer boundaries. The attack requires a malicious app to be installed; successful exploitation grants kernel-level code execution, enabling complete system compromise.

Summary generated and translated by AI from the official description.
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges.
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected products
Apple · iOS and iPadOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://support.apple.com/en-us/HT212867https://support.apple.com/en-us/HT212868https://support.apple.com/kb/HT212872https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30900