⚠ Actively exploited
Added to CISA KEV on 2022-05-23. Federal agencies required to patch by 2022-06-13. Required action: Apply updates per vendor instructions..
CVE-2021-30883 — Out-of-bounds Write in Apple IOS AND Ipados
Severity
7.8HIGHNVD
EPSS
0.4%
top 41.51%
CISA KEV
KEV
Added 2022-05-23
Due 2022-06-13
Exploit
Exploited in wild
Active exploitation observed
Affected products
Timeline
PublishedAug 24
KEV addedMay 23
KEV dueJun 13
CISA Required Action: Apply updates per vendor instructions.
Description
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9
Affected Packages13 packages
🔴Vulnerability Details
2📋Vendor Advisories
7🕵️Threat Intelligence
4Qualys▶
Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices↗2021-10-18
Qualys▶
Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices | Qualys↗2021-10-18