CVE-2021-30952

CVSS 8.8 HIGH | EPSS 7.6% | KEV | CWE-190

In short

A flaw in how Safari and Apple devices process web content allows an attacker to trigger an integer overflow, an arithmetic error in which a value exceeds the limit of its numeric type, which can be exploited to run malicious code on your device.

Technical detail

An integer overflow vulnerability in Safari's web content processing allows remote code execution when a user visits a malicious website. The only user interaction required is viewing the crafted content, and successful exploitation results in arbitrary code execution with the privileges of the Safari process.

Summary generated and translated by AI from the official description.

An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H