⚠ Actively exploited
Added to CISA KEV on 2022-05-23. Federal agencies required to patch by 2022-06-13. Required action: Apply updates per vendor instructions..

CVE-2021-30883Out-of-bounds Write in Apple IOS AND Ipados

CWE-787Out-of-bounds Write14 documents7 sources
Severity
7.8HIGHNVD
EPSS
0.4%
top 41.51%
CISA KEV
KEV
Added 2022-05-23
Due 2022-06-13
Exploit
Exploited in wild
Active exploitation observed
Timeline
PublishedAug 24
KEV addedMay 23
KEV dueJun 13
CISA Required Action: Apply updates per vendor instructions.

Description

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages13 packages

Appleapple/macos_monterey12.0.1
CVEListV5apple/macosunspecified12.0+3
NVDapple/macos11.011.6.1+1
NVDapple/ipados15.015.0.2+1
CVEListV5apple/ios_and_ipadosunspecified15.0+1

🔴Vulnerability Details

2
Project0
The More You Know, The More You Know You Don’t Know - Project Zero2022-04-01
VulnCheck
Apple Multiple Products Memory Corruption Vulnerability2021

📋Vendor Advisories

7
CISA
Apple Multiple Products Memory Corruption Vulnerability2022-05-23
Apple
CVE-2021-30883: iOS 14.8.1 and iPadOS 14.8.12021-10-26
Apple
CVE-2021-30883: watchOS 8.12021-10-25
Apple
CVE-2021-30883: macOS Big Sur 11.6.12021-10-25
Apple
CVE-2021-30883: tvOS 15.12021-10-25

🕵️Threat Intelligence

4
Qualys
Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices2021-10-18
Qualys
Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices | Qualys2021-10-18
Krebs
Patch Tuesday, October 2021 Edition2021-10-13
Krebs
Patch Tuesday, October 2021 Edition2021-10-12