CVE-2021-30883
Published 2021-08-24
Priority P182 · high · 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
KEV · ITW · EXPLOIT
CISA Known Exploited Vulnerability, due 2022-06-13
Exploited in the wild
EPSS: 14.72% (96.2th percentile)
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_14.8.1_and_ipados | — | — |
| apple | ios_15.0.2_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 15.0 | 15.0 |
| apple | ios_and_ipados | >= unspecified < 14.8 | 14.8 |
| apple | ipados | < 14.8.1 | 14.8.1 |
| apple | ipados | >= 15.0 < 15.0.2 | 15.0.2 |
| apple | iphone_os | < 14.8.1 | 14.8.1 |
| apple | iphone_os | >= 15.0 < 15.0.2 | 15.0.2 |
| apple | macos | — | — |
| apple | macos | >= 11.0 < 11.6.1 | 11.6.1 |
| apple | macos | >= unspecified < 12.0 | 12.0 |
| apple | macos | >= unspecified < 11.6 | 11.6 |
| apple | macos | >= unspecified < 8.1 | 8.1 |
| apple | macos | >= unspecified < 15.1 | 15.1 |
| apple | macos_big_sur | — | — |
| apple | macos_monterey | — | — |
| apple | tvos | < 15.1 | 15.1 |
| apple | tvos | — | — |
| apple | watchos | < 8.1 | 8.1 |
| apple | watchos | — | — |
Detection & IOCs
- Vulnerable component is IOMobileFrameBuffer — monitor for unexpected kernel-level code execution originating from IOMobileFrameBuffer on Apple platforms (iOS, iPadOS, macOS, tvOS, watchOS)
- CVE-2021-30883 is a memory corruption vulnerability in IOMobileFrameBuffer; detection should focus on anomalous kernel privilege escalation from user-space applications on unpatched Apple devices (pre-iOS 15.0.2, pre-iPadOS 15.0.2, pre-macOS Monterey 12.0.1, pre-macOS Big Sur 11.6.1, pre-tvOS 15.1, pre-watchOS 8.1, pre-iOS 14.8.1, pre-iPadOS 14.8.1)
- This vulnerability was actively exploited in the wild as a zero-day; treat any unpatched Apple device running affected OS versions as potentially compromised and prioritize forensic triage of IOMobileFrameBuffer interactions
- The vulnerability resides specifically in the IOMobileFrameBuffer kernel component across multiple Apple product lines; scope of affected products is broad (iOS, iPadOS, macOS Big Sur, macOS Monterey, tvOS, watchOS)
- CISA has added this to the Known Exploited Vulnerabilities catalog, confirming active exploitation; organizations should treat this as high-priority for patching and detection
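CVSS provenance
| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vulncheck | | 7.8 | HIGH | |
| cisa | | 7.8 | HIGH | |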
CISA
Apple Multiple Products Memory Corruption Vulnerability
cisa·2022-05-23·CVSS 7.8
CVE-2021-30883 [HIGH] CWE-787 Apple Multiple Products Memory Corruption Vulnerability
Vulnerability: Apple Multiple Products Memory Corruption Vulnerability
Affected: Apple Multiple Products
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-30883
Remediation Due Date: 2022-06-13
Apple
CVE-2021-30883: iOS 14.8.1 and iPadOS 14.8.1
vendor_apple·2021-10-26·CVSS 7.8
CVE-2021-30883 [HIGH] CVE-2021-30883: iOS 14.8.1 and iPadOS 14.8.1
Apple Security Update: About the security content of iOS 14.8.1 and iPadOS 14.8.1
Product: iOS 14.8.1 and iPadOS
Version: 14.8.1
CVE: CVE-2021-30883
Component: IOMobileFrameBuffer
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved memory handling.
Apple
CVE-2021-30883: watchOS 8.1
vendor_apple·2021-10-25·CVSS 7.8
CVE-2021-30883 [HIGH] CVE-2021-30883: watchOS 8.1
Apple Security Update: About the security content of watchOS 8.1
Product: watchOS
Version: 8.1
CVE: CVE-2021-30883
Component: IOMobileFrameBuffer
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved memory handling.
Apple
CVE-2021-30883: macOS Big Sur 11.6.1
vendor_apple·2021-10-25·CVSS 7.8
CVE-2021-30883 [HIGH] CVE-2021-30883: macOS Big Sur 11.6.1
Apple Security Update: About the security content of macOS Big Sur 11.6.1
Product: macOS Big Sur
Version: 11.6.1
CVE: CVE-2021-30883
Component: IOMobileFrameBuffer
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved memory handling.
Apple
CVE-2021-30883: tvOS 15.1
vendor_apple·2021-10-25·CVSS 7.8
CVE-2021-30883 [HIGH] CVE-2021-30883: tvOS 15.1
Apple Security Update: About the security content of tvOS 15.1
Product: tvOS
Version: 15.1
CVE: CVE-2021-30883
Component: IOMobileFrameBuffer
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved memory handling.
Apple
CVE-2021-30883: macOS Monterey 12.0.1
vendor_apple·2021-10-25·CVSS 7.8
CVE-2021-30883 [HIGH] CVE-2021-30883: macOS Monterey 12.0.1
Apple Security Update: About the security content of macOS Monterey 12.0.1
Product: macOS Monterey
Version: 12.0.1
CVE: CVE-2021-30883
Component: IOMobileFrameBuffer
Impact: An application may be able to execute arbitrary code with kernel privileges.
Description: A memory corruption issue was addressed with improved memory handling.
Apple
CVE-2021-30883: iOS 15.0.2 and iPadOS 15.0.2
vendor_apple·2021-10-11·CVSS 7.8
CVE-2021-30883 [HIGH] CVE-2021-30883: iOS 15.0.2 and iPadOS 15.0.2
Apple Security Update: About the security content of iOS 15.0.2 and iPadOS 15.0.2
Product: iOS 15.0.2 and iPadOS
Version: 15.0.2
CVE: CVE-2021-30883
Component: IOMobileFrameBuffer
Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
Description: A memory corruption issue was addressed with improved memory handling.
Project0
The More You Know, The More You Know You Don’t Know - Project Zero
project_zero·2022-04-01
CVE-2016-4654 The More You Know, The More You Know You Don’t Know - Project Zero
A Year in Review of 0-days Used In-the-Wild in 2021
Posted by Maddie Stone, Google Project Zero
This is our third annual year in review of 0-days exploited in-the-wild [2020, 2019]. Each year we’ve looked back at all of the detected and disclosed in-the-wild 0-days as a group and synthesized what we think the trends and takeaways are. The goal of this report is not to detail each individual exploit, but instead to analyze the exploits from the year as a group, looking for trends, gaps, lessons learned, successes, etc. If you’re interested in the analysis of individual exploits, please check out our root cause analysis repository.
We perform and share this analysis in order to make 0-day hard. We want it to be more costly, more resource intensive, and overall more difficult for
VulnCheck
Apple Multiple Products Memory Corruption Vulnerability
vulncheck·2021·CVSS 7.8
CVE-2021-30883 [HIGH] CWE-787 Apple Multiple Products Memory Corruption Vulnerability
Apple Multiple Products Memory Corruption Vulnerability
Apple iOS, macOS, watchOS, and tvOS contain a memory corruption vulnerability that could allow for remote code execution.
Affected: Apple Multiple Products
Required Action: Apply updates per vendor instructions.
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://support.apple.com/en-us/103159; https://support.apple.com/en-us/103164; https://support.apple.com/en-us/103165; https://support.apple.com/en-us/103167; https://support.apple.com/en-us/103162; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json; https://blog.google/threat-analysis-group/italian-spyware-vendor-targets-users-in-italy-and-kazakhstan/; https://resources.jamf.
No detection rules found.
No public exploits indexed.
Qualys
Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices
blogs_qualys·2021-10-18·CVSS 7.0
[HIGH] Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices
Apple recently released iOS and iPadOS 15.0.2 as an emergency security update that addresses 1 critical zero-day vulnerability, which is exploited in the wild. Qualys recommends that security teams should immediately update all devices running iOS and iPadOS to the latest version. “Apple is aware of a report that this issue may have been actively exploited,” the company said in security advisories.
This year, Apple has released multiple emergency releases to fix the actively exploited vulnerabilities which Apple is aware of a report that this issue may have been actively exploited. Successful exploitation of the vulnerability allows an application to execute arbitrary code with kernel privileges, and spyware like Pegasus can be easily deployed on affected devices, and exploiting other vul
Checkpoint
18th October – Threat Intelligence Report
blogs_checkpoint·2021-10-18
CVE-2021-40449 18th October – Threat Intelligence Report
## 18th October – Threat Intelligence Report
For the latest discoveries in cyber research for the week of 18th October, please download our Threat Intelligence Bulletin.
Top Attacks and Breaches
Israeli Medical Center Hillel Yaffe has been targeted by ransomware affecting the hospital’s computer systems, which have been working in a limited capacity since the attack occurred.
Russia-based group TA505 is running a new email phishing campaign dubbed MirrorBlast, targeting financial organizations with malicious mac
Krebs
Patch Tuesday, October 2021 Edition
blogs_krebs·2021-10-13·CVSS 7.8
[HIGH] Patch Tuesday, October 2021 Edition
Microsoft today issued updates to plug more than 70 security holes in its Windows operating systems and other software, including one vulnerability that is already being exploited. This month’s Patch Tuesday also includes security fixes for the newly released Windows 11 operating system. Separately, Apple has released updates for iOS and iPadOS to address a flaw that is being actively attacked.
Firstly, Apple has released iOS 15.0.2 and iPadOS 15.0.2 to fix a zero-day vulnerability (CVE-2021-30883) that is being leveraged in active attacks targeting iPhone and iPad users. Lawrence Abrams of Bleeping Computer writes that the flaw could be used to steal data or install malware, and that soon after Apple patched the bug security researcher Saar Amar published a technical writeup and proof-of
- https://support.apple.com/en-us/HT212846
- https://support.apple.com/en-us/HT212868
- https://support.apple.com/en-us/HT212869
- https://support.apple.com/en-us/HT212872
- https://support.apple.com/en-us/HT212874
- https://support.apple.com/en-us/HT212876
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30883
Published: 2021-08-24
Added to CISA KEV: 2022-05-23
Exploited in the wild