CVE-2021-30852 — Type Confusion in Apple IOS AND Ipados

CWE-843 — Type Confusion8 documents2 sources

Severity

8.8HIGHNVD

EPSS

0.6%

top 29.68%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Tvos Apple Watchos +9 more

Timeline

PublishedAug 24

Latest updateNov 10

Description

A type confusion issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages15 packages

▶NVDapple/ipados< 14.8

▶CVEListV5apple/ios_and_ipadosunspecified — 14.8+1

▶Appleapple/ios_15_and_ipados15

▶Appleapple/ios_14.8_and_ipados14.8

▶CVEListV5apple/tvosunspecified — 15

📋Vendor Advisories

Apple

CVE-2021-30852: iCloud for Windows 13↗2021-11-10

▶

Apple

CVE-2021-30852: macOS Monterey 12.0.1↗2021-10-25

▶

Apple

CVE-2021-30852: iOS 15 and iPadOS 15↗2021-09-20

▶

Apple

CVE-2021-30852: iTunes 12.12 for Windows↗2021-09-20

▶

Apple

CVE-2021-30852: watchOS 8↗2021-09-20

▶