⚠ Actively exploited

Added to CISA KEV on 2023-03-30. Federal agencies required to patch by 2023-04-20. Required action: Apply updates per vendor instructions..

CVE-2021-30900 — Out-of-bounds Write in Apple IOS AND Ipados

CWE-787 — Out-of-bounds Write CWE-20 — Improper Input Validation6 documents4 sources

Severity

7.8HIGHNVD

EPSS

0.5%

top 34.84%

CISA KEV

KEV

Added 2023-03-30

Due 2023-04-20

Exploit

Exploited in wild

Active exploitation observed

Affected products

Apple IOS AND Ipados Apple Ipados Apple Iphone OS +4 more

Timeline

PublishedAug 24

KEV addedMar 30

KEV dueApr 20

CISA Required Action: Apply updates per vendor instructions.

Description

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages7 packages

▶NVDapple/ipados< 14.8.1+1

▶CVEListV5apple/ios_and_ipadosunspecified — 15.1+1

▶Appleapple/ios_15.1_and_ipados15.1

▶Appleapple/ios_14.8.1_and_ipados14.8.1

▶NVDapple/macos< 11.6.1

🔴Vulnerability Details

VulnCheck

Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability↗2021

▶

📋Vendor Advisories

CISA

Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability↗2023-03-30

▶

Apple

CVE-2021-30900: iOS 14.8.1 and iPadOS 14.8.1↗2021-10-26

▶

Apple

CVE-2021-30900: iOS 15.1 and iPadOS 15.1↗2021-10-25

▶

Apple

CVE-2021-30900: macOS Big Sur 11.6.1↗2021-10-25

▶