CVE-2021-30758 — Type Confusion in Apple Macos

CWE-843 — Type Confusion9 documents8 sources

Severity

8.8HIGHNVD

EPSS

0.3%

top 42.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS Apple Macos Apple Iphone OS +3 more

Timeline

PublishedSep 8

Latest updateMay 24

Description

A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages7 packages

▶NVDapple/tvos< 14.7

▶CVEListV5apple/macosunspecified — 11.5+3

▶NVDapple/macos< 11.5

▶NVDapple/safari< 14.1.2

▶NVDapple/watchos< 7.6

🔴Vulnerability Details

GHSA

GHSA-7qcx-m2gc-9659: A type confusion issue was addressed with improved state handling↗2022-05-24

▶

OSV

CVE-2021-30758: A type confusion issue was addressed with improved state handling↗2021-09-08

▶

CVEList

CVE-2021-30758: A type confusion issue was addressed with improved state handling↗2021-09-08

▶

📋Vendor Advisories

Ubuntu

WebKitGTK vulnerabilities↗2021-07-28

▶

Red Hat

webkitgtk: Type confusion leading to arbitrary code execution↗2021-07-28

▶

Apple

CVE-2021-30758: Safari 14.1.2↗2021-07-19

▶

Debian

CVE-2021-30758: webkit2gtk - A type confusion issue was addressed with improved state handling. This issue is...↗2021

▶

Apple

CVE-2021-30758: iOS 14.7 and iPadOS 14.7↗

▶