CVE-2021-30665
published 2021-09-08

Priority: P1 · 85 · high
CVSS 3.1: 8.8 (AV:N / AC:L / PR:N / UI:R / S:U / C:H / I:H / A:H)
KEV: CISA Known Exploited Vulnerability, due 2021-11-17
ITW: Exploited in the wild
EPSS: 3.47% (87.6th percentile)

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Affected

14 ranges
| Vendor | Product | Version range | Fixed in |
|--------|---------|---------------|----------|
| apple | ipados | < 14.5.1 | 14.5.1 |
| apple | iphone_os | < 12.5.3 | 12.5.3 |
| apple | iphone_os | >= 13.0 < 14.5.1 | 14.5.1 |
| apple | macos | < 11.3.1 | 11.3.1 |
| apple | macos | >= unspecified < 11.3 | 11.3 |
| apple | macos | >= unspecified < 14.5 | 14.5 |
| apple | macos | >= unspecified < 7.4 | 7.4 |
| apple | macos | >= unspecified < 12.5 | 12.5 |
| apple | macos | >= unspecified < 14.6 | 14.6 |
| apple | tvos | < 14.6 | 14.6 |
| apple | tvos | | |
| apple | watchos | < 7.4.1 | 7.4.1 |
| debian | webkit2gtk | < webkit2gtk 2.32.3-1 (bookworm) | webkit2gtk 2.32.3-1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.32.3-1 (bookworm) | webkit2gtk 2.32.3-1 (bookworm) |

Detection & IOCs (extracted from sources)

  • Trigger vector is maliciously crafted web content processed by WebKit; monitor for suspicious web content delivery targeting WebKit-based browsers and HTML parsers (Apple Safari and non-Apple WebKit consumers)
  • Attack surface includes any HTML parser relying on WebKit, not limited to Apple Safari — scope detection to all WebKit-based rendering engines
  • Affected Linux packages are webkitgtk (RHEL 6) and webkitgtk3 (RHEL 7); monitor these packages for exploitation attempts via web content on Linux hosts
  • Root cause is a memory corruption issue in the WebKit component; consider heap/memory corruption telemetry (e.g., ASan, crash logs) on WebKit processes as a detection signal
  • Vulnerability is confirmed actively exploited in the wild per Apple; CISA KEV remediation deadline was 2021-11-17; unpatched WebKit instances should be treated as high-priority
  • webkit2gtk3 on RHEL 9 is NOT affected; scope patching and detection efforts accordingly to avoid false prioritization
  • Fixed versions for Debian-based systems: webkit resolved in version 2.32.3-1 across bookworm, bullseye, forky, sid, and trixie

CVSS provenance

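| Source | CVSS version | Score | Severity | Vector |
|--------|--------------|-------|----------|--------|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vulncheck | | 8.8 | HIGH | |
| cisa | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |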