⚠ Actively exploited
Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2021-11-17. Required action: Apply updates per vendor instructions..

CVE-2021-30761Out-of-bounds Write in Apple IOS

CWE-787Out-of-bounds WriteCWE-20Improper Input Validation9 documents9 sources
Severity
8.8HIGHNVD
EPSS
0.4%
top 36.82%
CISA KEV
KEV
Added 2021-11-03
Due 2021-11-17
Exploit
Exploited in wild
Active exploitation observed
Affected products
2
Apple IOSApple Iphone OS
Timeline
PublishedSep 8
KEV addedNov 3
KEV dueNov 17
Latest updateMay 24
CISA Required Action: Apply updates per vendor instructions.

Description

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

CVEListV5apple/iosunspecified12.5
NVDapple/iphone_os< 12.5.4

🔴Vulnerability Details

4
GHSA
GHSA-6qp6-2ggr-xv6x: A memory corruption issue was addressed with improved state management2022-05-24
OSV
CVE-2021-30761: A memory corruption issue was addressed with improved state management2021-09-08
CVEList
CVE-2021-30761: A memory corruption issue was addressed with improved state management2021-09-08
VulnCheck
Apple iOS WebKit Memory Corruption Vulnerability2021

📋Vendor Advisories

4
CISA
Apple iOS WebKit Memory Corruption Vulnerability2021-11-03
Red Hat
webkitgtk: Memory corruption leading to arbitrary code execution2021-07-28
Apple
CVE-2021-30761: iOS 12.5.42021-06-14
Debian
CVE-2021-30761: webkit2gtk - A memory corruption issue was addressed with improved state management. This iss...2021
CVE-2021-30761 — Out-of-bounds Write in Apple IOS | cvebase