8.8

CVE-2021-30661

Warnung
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
AppleSafari Version < 14.1
AppleiPadOS Version < 14.5
AppleiPhone OS Version < 12.5.3
AppleiPhone OS Version >= 14.0 < 14.5
ApplemacOS Version >= 11.0 < 11.3
AppletvOS Version < 14.5
ApplewatchOS Version < 7.4

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple Multiple Products WebKit Storage Use-After-Free Vulnerability

Schwachstelle

Apple iOS, iPadOS, macOS, tvOS, watchOS, and Safari WebKit Storage contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.53% 0.904
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0 8.8 2.8 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE-416 Use After Free

The product reuses or references memory after it has been freed. At some point afterward, the memory may be allocated again and saved in another pointer, while the original pointer references a location somewhere within the new allocation. Any operations using the original pointer are no longer valid because the memory "belongs" to the code that operates on the new pointer.

https://support.apple.com/en-us/HT212325
Vendor Advisory
https://support.apple.com/en-us/HT212317
Vendor Advisory
https://support.apple.com/en-us/HT212323
Vendor Advisory
https://support.apple.com/en-us/HT212324
Vendor Advisory
https://support.apple.com/en-us/HT212318
Vendor Advisory
https://support.apple.com/en-us/HT212341
Vendor Advisory
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30661
Third Party Advisory
US Government Resource