cbcvebase.
CVE-2021-30883
published 2021-08-24

CVE-2021-30883: A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1…

PriorityP182high7.8CVSS 3.1
AVLACLPRNUIRSUCHIHAH
KEVITWEXPLOIT
CISA Known Exploited Vulnerabilitydue 2022-06-13
Exploited in the wild
EPSS
14.72%
96.2th percentile
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

Affected

20 ranges
VendorProductVersion rangeFixed in
appleios_14.8.1_and_ipados
appleios_15.0.2_and_ipados
appleios_and_ipados>= unspecified < 15.015.0
appleios_and_ipados>= unspecified < 14.814.8
appleipados< 14.8.114.8.1
appleipados>= 15.0 < 15.0.215.0.2
appleiphone_os< 14.8.114.8.1
appleiphone_os>= 15.0 < 15.0.215.0.2
applemacos
applemacos>= 11.0 < 11.6.111.6.1
applemacos>= unspecified < 12.012.0
applemacos>= unspecified < 11.611.6
applemacos>= unspecified < 8.18.1
applemacos>= unspecified < 15.115.1
applemacos_big_sur
applemacos_monterey
appletvos< 15.115.1
appletvos
applewatchos< 8.18.1
applewatchos

Detection & IOCsextracted from sources · hover to see the quote

  • Vulnerable component is IOMobileFrameBuffer — monitor for unexpected kernel-level code execution originating from IOMobileFrameBuffer on Apple platforms (iOS, iPadOS, macOS, tvOS, watchOS)
  • CVE-2021-30883 is a memory corruption vulnerability in IOMobileFrameBuffer; detection should focus on anomalous kernel privilege escalation from user-space applications on unpatched Apple devices (pre-iOS 15.0.2, pre-iPadOS 15.0.2, pre-macOS Monterey 12.0.1, pre-macOS Big Sur 11.6.1, pre-tvOS 15.1, pre-watchOS 8.1, pre-iOS 14.8.1, pre-iPadOS 14.8.1)
  • This vulnerability was actively exploited in the wild as a zero-day; treat any unpatched Apple device running affected OS versions as potentially compromised and prioritize forensic triage of IOMobileFrameBuffer interactions
  • ·The vulnerability resides specifically in the IOMobileFrameBuffer kernel component across multiple Apple product lines; scope of affected products is broad (iOS, iPadOS, macOS Big Sur, macOS Monterey, tvOS, watchOS)
  • ·CISA has added this to the Known Exploited Vulnerabilities catalog, confirming active exploitation; organizations should treat this as high-priority for patching and detection

CVSS provenance

nvdv3.17.8HIGHCVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
vulncheck7.8HIGH
cisa7.8HIGH
CVEs like this are exactly what “Exploited This Week” covers.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.