CVE-2021-30799: Input Validation
Published Jul 21, 2021
·Updated
ActionKit. An input validation issue was addressed with improved input validation.
Other sources
AMD Kernel. A memory corruption issue was addressed with improved input validation.
— Apple
Analytics. A logic issue was addressed with improved restrictions.
— Apple
Analytics. This issue was addressed with a new entitlement.
— Apple
App Store. A permissions issue was addressed with improved validation.
— Apple
AppKit. An information disclosure issue was addressed by removing the vulnerable code.
— Apple
Credit
Sergei Glazunov(Google Project Zero), Zachary Keffaber@@QuickUpdate5, Denis Tokarev@@illusionofcha0s, tr3e, George Nosenko, JunDong Xie(Ant Security Light), ryuzaki, Mickey Jin@@patch1t(Trend Micro), Sunglin(Knownsec 404 team), Yizhuo Wang(Group of Software Security In Progress), Tim Michaud@@TimGMichaud(Zoom Video Communications), Linus Henze (pinauten.de), Csaba Fitzl@@theevilbit(Offensive Security), tr3e(Trend Micro Zero Day Initiative), hjy79425575(Trend Micro Zero Day Initiative), Matthew Denton(Google Chrome Security), Jzhu(Baidu Security), Ye Zhang@@co0py_Cat(Baidu Security), CFF(Topsec Alpha Team), CVE-2021-3518, CVE-2018-25010, CVE-2018-25011, CVE-2018-25014, CVE-2020-36328, CVE-2020-36329, CVE-2020-36330, CVE-2020-36331, Anonymous(Trend Micro Zero Day Initiative), Christoph Guttandin(Media Codings), Ivan Fratric(Google Project Zero), vm_call, Nozhdar Abdulkhaleq Shukri, Zhongcheng Li (CK01), Ron Waisberg@@epsilan, Gary Nield(ECSC Group plc), Wojciech Reguła@@_r3ggi(SecuRing), Matt Shockley (twitter.com/mattshockl)(Offensive Security), Liu Long(Ant Security Light), Yinyi Wu@@3ndy1(Qihoo 360 Vulcan Team), Zuozhi Fan@@pattern_F_(Ant Security TianQiong Lab), Georgi Valkov (httpstorm.com), Mickey Jin@@patch1t(Trend Micro working with Trend Micro Zero Day Initiative), ABC Research s.r.o
Affected Software
39 affected componentsFixes available
debian/webkit2gtk
2.36.4-1~deb10u12.38.6-0+deb10u12.40.5-1~deb11u12.42.1-1~deb11u22.40.5-1~deb12u12.42.1-1~deb12u12.42.1-2
debian/wpewebkit
2.38.6-1~deb11u12.38.6-12.42.1-1
Apple macOS Big Sur<11.5
11.5
Apple Catalina
Apple Mojave
Apple iPhone OS<14.7
Apple iOS and macOS>=10.14<=10.14.6
Apple iOS and macOS>=10.15<10.15.7
Apple iOS and macOS=10.14.6-security_update_2019-001
Apple iOS and macOS=10.14.6-security_update_2019-002
Apple iOS and macOS=10.14.6-security_update_2019-004
Apple iOS and macOS=10.14.6-security_update_2019-005
Apple iOS and macOS=10.14.6-security_update_2019-006
Apple iOS and macOS=10.14.6-security_update_2019-007
Apple iOS and macOS=10.14.6-security_update_2020-001
Apple iOS and macOS=10.14.6-security_update_2020-002
Apple iOS and macOS=10.14.6-security_update_2020-003
Apple iOS and macOS=10.14.6-security_update_2020-004
Apple iOS and macOS=10.14.6-security_update_2020-005
Apple iOS and macOS=10.14.6-security_update_2020-006
Apple iOS and macOS=10.14.6-security_update_2020-007
Apple iOS and macOS=10.14.6-security_update_2021-001
Apple iOS and macOS=10.14.6-security_update_2021-002
Apple iOS and macOS=10.14.6-security_update_2021-003
Apple iOS and macOS=10.14.6-security_update_2021-004
Apple iOS and macOS=10.14.6-supplemental_update
Apple iOS and macOS=10.14.6-supplemental_update_2
Apple iOS and macOS=10.15.6-supplemental_update
Apple iOS and macOS=10.15.7-security_update_2020
Apple iOS and macOS=10.15.7-security_update_2020-001
Apple iOS and macOS=10.15.7-security_update_2020-005
Apple iOS and macOS=10.15.7-security_update_2020-007
Apple iOS and macOS=10.15.7-security_update_2021-001
Apple iOS and macOS=10.15.7-security_update_2021-002
Apple iOS and macOS=10.15.7-security_update_2021-003
Apple macOS>=11.0<11.5
redhat/webkitgtk<2.32.3
2.32.3
Apple iOS<14.7
14.7
Apple iPadOS<14.7
14.7
Event History
Jul 21, 2021
Data Sourced
via Apple·12:00 AM
DescriptionWeaknessAffected Software
Updated
via Apple·12:00 AM
DescriptionWeakness
Jul 28, 2021
Data Sourced
via Red Hat·01:49 PM
DescriptionSeverityAffected Software
Sep 8, 2021
CVE Published
via MITRE·01:38 PM
Data Sourced
via MITRE·01:38 PM
DescriptionWeakness
Feb 24, 2026
Updated
via Apple·07:00 PM
DescriptionWeaknessAffected Software
Updated
via Apple·07:00 PM
Affected Software
Parent advisories
This vulnerability appears in the following advisories.
Peer vulnerabilities
Found alongside the following vulnerabilities.
- CVE-2021-30805
- CVE-2021-30871
- CVE-2021-30790
- CVE-2021-31006
- CVE-2021-30781
- CVE-2021-30748
- CVE-2021-30775
- CVE-2021-30776
- CVE-2021-30786
- CVE-2021-30772
- CVE-2021-30783
- CVE-2021-30777
- CVE-2021-30789
- CVE-2021-30774
- CVE-2021-30780
- CVE-2021-30768
- CVE-2021-30817
- CVE-2021-30804
- CVE-2021-30760
- CVE-2021-30788
- CVE-2021-30759
- CVE-2021-30803
- CVE-2021-30779
- CVE-2021-30785
- CVE-2021-30787
- CVE-2021-30766
- CVE-2021-30765
- CVE-2021-30784
- CVE-2021-30793
- CVE-2021-30778
- CVE-2021-30677
- CVE-2021-3518
- CVE-2021-30796
- CVE-2021-30792
- CVE-2021-30791
- CVE-2021-1821
- CVE-2021-30782
- CVE-2021-31004
- CVE-2021-30798
- CVE-2021-30758
- CVE-2021-30795
- CVE-2021-30797
- CVE-2021-30799
- CVE-2021-30811
- CVE-2021-30672
- CVE-2021-30733
- CVE-2021-30731
- CVE-2021-30703
- CVE-2021-30763
- CVE-2021-30773
- CVE-2021-30802
- CVE-2021-30769
- CVE-2021-30770
- CVE-2018-25010
- CVE-2018-25011
- CVE-2018-25014
- CVE-2020-36328
- CVE-2020-36329
- CVE-2020-36330
- CVE-2020-36331
- CVE-2021-30800
Frequently Asked Questions
1
What is CVE-2021-30799?
CVE-2021-30799 is a vulnerability in WebKit that allows for multiple memory corruption issues.
2
Which software versions are affected by CVE-2021-30799?
CVE-2021-30799 affects Apple Mojave, Apple Catalina, and Apple macOS Big Sur (up to version 11.5).
3
How can the memory corruption issues addressed in CVE-2021-30799 be mitigated?
The memory corruption issues in CVE-2021-30799 can be mitigated by updating to the latest version of the affected software, as recommended by Apple.
4
Where can I find more information about CVE-2021-30799?
You can find more information about CVE-2021-30799 on the Apple support website.