CVE-2021-30761

Warnung

EPSS 0.37%
Veröffentlicht 08.09.2021 14:15:10
Zuletzt bearbeitet 23.10.2025 18:04:18
Quelle product-security@apple.com
CVE-Watchlists
Login
Unerledigt
Login

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 5

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ iPhone OS Version < 12.5.4

03.11.2021: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple iOS WebKit Memory Corruption Vulnerability

Schwachstelle

Apple iOS WebKit contains a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.582

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://support.apple.com/en-us/HT212548

Vendor Advisory

Release Notes

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30761

Third Party Advisory

US Government Resource

https://nvd.nist.gov/vuln/detail/CVE-2021-30761

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2021-30761

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2021-30761

EUVD