CVE-2021-30858: Apple iOS, iPadOS, macOS Use-After-Free Vulnerability
Published Aug 24, 2021
·Updated
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Credit
an anonymous researcher
Affected Software
16 affected componentsFixes available
debian/webkit2gtk
2.36.4-1~deb10u12.38.6-0+deb10u12.40.5-1~deb11u12.42.1-1~deb11u22.40.5-1~deb12u12.42.1-1~deb12u12.42.1-2
debian/wpewebkit
2.38.6-1~deb11u12.38.6-12.42.1-1
Apple iOS, iPadOS, and macOS
Apple macOS Big Sur<11.6
11.6
Apple Safari<14.1.2
14.1.2
Apple iOS<12.5.5
12.5.5
Apple iOS<14.8
14.8
Apple iPadOS<14.8
14.8
Apple iPadOS>=13.1<14.8
Apple iPhone OS<12.5.5
Apple iPhone OS>=13.0<14.8
Apple macOS<11.6
Fedoraproject Fedora=33
Fedoraproject Fedora=34
Debian Debian Linux=10.0
Debian Debian Linux=11.0
Event History
Aug 24, 2021
CVE Published
via MITRE·06:49 PM
Data Sourced
via MITRE·06:49 PM
DescriptionWeakness
Data Sourced
via NVD·07:15 PM
DescriptionSeverityWeaknessAffected Software
Nov 3, 2021
Known Exploited
via CISA·12:00 AM
Frequently Asked Questions
1
What is the vulnerability ID for this Apple iOS, iPadOS, and macOS vulnerability?
The vulnerability ID is CVE-2021-30858.
2
What is the severity of CVE-2021-30858?
The severity of CVE-2021-30858 is not specified.
3
Which software products are affected by CVE-2021-30858?
Apple iOS, Safari, macOS Big Sur, iOS, iPadOS, and macOS are affected by CVE-2021-30858.
4
How can an attacker exploit CVE-2021-30858?
An attacker can exploit CVE-2021-30858 by tricking a user into visiting a malicious website or opening a specially crafted file.
5
Is there a fix available for CVE-2021-30858?
Yes, Apple has released updates to address the vulnerability. Please refer to the official support links for more information.