CVE-2021-30665
Published 2021-09-08
Priority: P185 high · CVSS 3.1: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA Known Exploited Vulnerability, due 2021-11-17
Exploited in the wild
EPSS: 3.47% (87.6th percentile)
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Affected
14 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ipados | < 14.5.1 | 14.5.1 |
| apple | iphone_os | < 12.5.3 | 12.5.3 |
| apple | iphone_os | >= 13.0 < 14.5.1 | 14.5.1 |
| apple | macos | < 11.3.1 | 11.3.1 |
| apple | macos | >= unspecified < 11.3 | 11.3 |
| apple | macos | >= unspecified < 14.5 | 14.5 |
| apple | macos | >= unspecified < 7.4 | 7.4 |
| apple | macos | >= unspecified < 12.5 | 12.5 |
| apple | macos | >= unspecified < 14.6 | 14.6 |
| apple | tvos | < 14.6 | 14.6 |
| apple | tvos | — | — |
| apple | watchos | < 7.4.1 | 7.4.1 |
| debian | webkit2gtk | < webkit2gtk 2.32.3-1 (bookworm) | webkit2gtk 2.32.3-1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.32.3-1 (bookworm) | webkit2gtk 2.32.3-1 (bookworm) |
Detection & IOCs
- Trigger vector is maliciously crafted web content processed by WebKit; monitor for suspicious web content delivery targeting WebKit-based browsers and HTML parsers (Apple Safari and non-Apple WebKit consumers)
- Attack surface includes any HTML parser relying on WebKit, not limited to Apple Safari; scope detection to all WebKit-based rendering engines
- Affected Linux packages are webkitgtk (RHEL 6) and webkitgtk3 (RHEL 7); monitor these packages for exploitation attempts via web content on Linux hosts
- Root cause is a memory corruption issue in the WebKit component; consider heap/memory corruption telemetry (e.g., ASan, crash logs) on WebKit processes as a detection signal
- Vulnerability is confirmed actively exploited in the wild per Apple; CISA KEV remediation deadline was 2021-11-17; unpatched WebKit instances should be treated as high-priority
- webkit2gtk3 on RHEL 9 is NOT affected; scope patching and detection efforts accordingly to avoid false prioritization
- Fixed versions for Debian-based systems: webkit resolved in version 2.32.3-1 across bookworm, bullseye, forky, sid, and trixie
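CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | | 8.8 | HIGH | |
| vulncheck | | 8.8 | HIGH | |
| cisa | | 8.8 | HIGH | |
| vendor_debian | | 8.8 | HIGH | |
| vendor_redhat | | 8.8 | HIGH | |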
CISA
Apple Multiple Products WebKit Memory Corruption Vulnerability
cisa·2021-11-03·CVSS 8.8
CVE-2021-30665 [HIGH] CWE-787 Apple Multiple Products WebKit Memory Corruption Vulnerability
Vulnerability: Apple Multiple Products WebKit Memory Corruption Vulnerability
Affected: Apple Multiple Products
Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-30665
Remediation Due Date: 2021-11-17
Ubuntu
WebKitGTK vulnerabilities
vendor_ubuntu·2021-07-28
CVE-2021-30797 WebKitGTK vulnerabilities
Title: WebKitGTK vulnerabilities
Summary: Several security issues were fixed in WebKitGTK.
A large number of security issues were discovered in the WebKitGTK Web and
JavaScript engines. If a user were tricked into viewing a malicious
website, a remote attacker could exploit a variety of issues related to web
browser security, including cross-site scripting attacks, denial of service
attacks, and arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug
fixes. After a standard system update you need to restart any applications
that use WebKitGTK, such as Epiphany, to make all the necessary changes.
Red Hat
webkitgtk: Memory corruption leading to arbitrary code execution
vendor_redhat·2021-07-28·CVSS 8.8
CVE-2021-30665 [HIGH] CWE-20 webkitgtk: Memory corruption leading to arbitrary code execution
webkitgtk: Memory corruption leading to arbitrary code execution
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
A flaw was found in the webkitgtk package. Affected versions of this package could allow a remote attacker to execute arbitrary code on the system caused by a memory corruption issue in the WebKit component. An attacker can execute arbitrary code on the system by persuading a victim to visit a specially crafted Web site.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Affected
Packa
Apple
CVE-2021-30665: tvOS 14.6
vendor_apple·2021-05-24·CVSS 8.8
CVE-2021-30665 [HIGH] CVE-2021-30665: tvOS 14.6
Apple Security Update: About the security content of tvOS 14.6
Product: tvOS
Version: 14.6
CVE: CVE-2021-30665
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved state management.
Debian
CVE-2021-30665: webkit2gtk - A memory corruption issue was addressed with improved state management. This iss...
vendor_debian·2021·CVSS 8.8
CVE-2021-30665 [HIGH] CVE-2021-30665: webkit2gtk - A memory corruption issue was addressed with improved state management. This iss...
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Scope: local
bookworm: resolved (fixed in 2.32.3-1)
bullseye: resolved (fixed in 2.32.3-1)
forky: resolved (fixed in 2.32.3-1)
sid: resolved (fixed in 2.32.3-1)
trixie: resolved (fixed in 2.32.3-1)
GHSA
GHSA-fgq5-6x94-h566: A memory corruption issue was addressed with improved state management
ghsa_unreviewed·2022-05-24
CVE-2021-30665 [HIGH] CWE-119 GHSA-fgq5-6x94-h566: A memory corruption issue was addressed with improved state management
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Project0
The More You Know, The More You Know You Don’t Know - Project Zero
project_zero·2022-04-01
CVE-2016-4654 The More You Know, The More You Know You Don’t Know - Project Zero
A Year in Review of 0-days Used In-the-Wild in 2021
Posted by Maddie Stone, Google Project Zero
This is our third annual year in review of 0-days exploited in-the-wild [2020, 2019]. Each year we’ve looked back at all of the detected and disclosed in-the-wild 0-days as a group and synthesized what we think the trends and takeaways are. The goal of this report is not to detail each individual exploit, but instead to analyze the exploits from the year as a group, looking for trends, gaps, lessons learned, successes, etc. If you’re interested in the analysis of individual exploits, please check out our root cause analysis repository.
We perform and share this analysis in order to make 0-day hard. We want it to be more costly, more resource intensive, and overall more difficult for
OSV
CVE-2021-30665: A memory corruption issue was addressed with improved state management
osv·2021-09-08·CVSS 8.8
CVE-2021-30665 [HIGH] CVE-2021-30665: A memory corruption issue was addressed with improved state management
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
VulnCheck
Apple Multiple Products WebKit Memory Corruption Vulnerability
vulncheck·2021·CVSS 8.8
CVE-2021-30665 [HIGH] CWE-787 Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple Multiple Products WebKit Memory Corruption Vulnerability
Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Affected: Apple Multiple Products
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://support.apple.com/kb/HT212335; https://support.apple.com/kb/HT212336; https://support.apple.com/kb/HT212339; https://support.apple.com/kb/HT212341; https://support.apple.com/kb/HT2
No detection rules found.
No public exploits indexed.
Qualys
Qualys Response to CISA Alert: Binding Operational Directive 22-01
blogs_qualys·2021-11-09
Qualys Response to CISA Alert: Binding Operational Directive 22-01
## Overview
On November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directive 22-01, “Reducing the Significant Risk of Known Exploited Vulnerabilities.” This directive recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate
Qualys
Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices | Qualys
blogs_qualys·2021-10-18·CVSS 7.0
[HIGH] Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices | Qualys
Apple recently released iOS and iPadOS 15.0.2 as an emergency security update that addresses 1 critical zero-day vulnerability, which is exploited in the wild. Qualys recommends that security teams should immediately update all devices running iOS and iPadOS to the latest version. “Apple is aware of a report that this issue may have been actively exploited,” the company said in security advisories.
This year, Apple has released multiple emergency releases to fix the actively exploited vulnerabilities which Apple is aware of a report that this issue may have been actively exploited. Successful exploitation of the vulnerability allows an application to execute arbitrary code with kernel privileges, and spyware like Pegasus can be easily deployed on affected devices, and exploiting other vulnera
Securelist
IT threat evolution in Q2 2021. PC statistics
blogs_securelist·2021-08-12
IT threat evolution in Q2 2021. PC statistics
Authors
- AMR
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data.
## Quarterly figures
According to Kaspersky Security Network, in Q2 2021:
- Kaspersky solutions blocked 1,686,025,551 attacks from online resources across the globe.
- Web antivirus recognized 675,832,360 unique URLs as malicious.
- Attempts to run malware for stealing money from online bank accounts were stopped on the computers of 119,252 unique users.
- Ransomware attacks were defeated on the computers
Qualys
Protect your Devices from Pegasus Spyware using VMDR for Mobile Devices’ Proactive Approach
blogs_qualys·2021-07-23
Protect your Devices from Pegasus Spyware using VMDR for Mobile Devices’ Proactive Approach
Pegasus spyware is in the news, and it has been used to target devices of critical people from different sectors and countries including journalists, activists, politicians, and business executives. It has been said that a leaked list of 50,000 phone numbers of potential surveillance targets was obtained by Paris-based journalism nonprofit Forbidden Stories and Amnesty International.
Pegasus spyware is a surveillance software created by Israeli cyber intelligence firm NSO Group. Pegasus is one such software developed to gain access to your phone without consent and gather personal and sensitive information and deliver it to the user spying on you
- https://support.apple.com/en-us/HT212335
- https://support.apple.com/en-us/HT212336
- https://support.apple.com/en-us/HT212339
- https://support.apple.com/en-us/HT212341
- https://support.apple.com/en-us/HT212532
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30665
Published: 2021-09-08
Added to CISA KEV: 2021-11-03
Exploited in the wild