⚠ Actively exploited

Added to CISA KEV on 2021-11-03. Federal agencies required to patch by 2021-11-17. Required action: Apply updates per vendor instructions..

CVE-2021-30762 — Use After Free in Apple IOS

CWE-416 — Use After Free CWE-20 — Improper Input Validation9 documents9 sources

Severity

8.8HIGHNVD

EPSS

0.0%

top 85.08%

CISA KEV

KEV

Added 2021-11-03

Due 2021-11-17

Exploit

Exploited in wild

Active exploitation observed

Affected products

Apple IOS Apple Iphone OS

Timeline

PublishedSep 8

KEV addedNov 3

KEV dueNov 17

Latest updateMay 24

CISA Required Action: Apply updates per vendor instructions.

Description

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

▶CVEListV5apple/iosunspecified — 12.5

▶NVDapple/iphone_os< 12.5.4

🔴Vulnerability Details

GHSA

GHSA-gj4g-95xx-7pc7: A use after free issue was addressed with improved memory management↗2022-05-24

▶

CVEList

CVE-2021-30762: A use after free issue was addressed with improved memory management↗2021-09-08

▶

OSV

CVE-2021-30762: A use after free issue was addressed with improved memory management↗2021-09-08

▶

VulnCheck

Apple iOS WebKit Use-After-Free Vulnerability↗2021

▶

📋Vendor Advisories

CISA

Apple iOS WebKit Use-After-Free Vulnerability↗2021-11-03

▶

Red Hat

webkitgtk: Use-after-free leading to arbitrary code execution↗2021-07-28

▶

Apple

CVE-2021-30762: iOS 12.5.4↗2021-06-14

▶

Debian

CVE-2021-30762: webkit2gtk - A use after free issue was addressed with improved memory management. This issue...↗2021

▶