CVE-2021-30951 — Use After Free in Apple IOS AND Ipados

CWE-416 — Use After Free10 documents7 sources

Severity

8.8HIGHNVD

EPSS

0.9%

top 24.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Watchos +6 more

Timeline

PublishedAug 24

Latest updateJan 27

Description

A use after free issue was addressed with improved memory management. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages9 packages

▶NVDapple/tvos< 15.2

▶CVEListV5apple/macosunspecified — 12.1+1

▶NVDapple/macos12.0.0 — 12.1

▶NVDapple/ipados< 15.2

▶NVDapple/safari< 15.2

Also affects: Debian Linux 10.0, 11.0, Fedora 34, 35

🔴Vulnerability Details

OSV

CVE-2021-30951: A use after free issue was addressed with improved memory management↗2021-08-24

▶

CVEList

CVE-2021-30951: A use after free issue was addressed with improved memory management↗2021-08-24

▶

📋Vendor Advisories

Ubuntu

WebKitGTK vulnerabilities↗2022-01-27

▶

Red Hat

webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution↗2022-01-21

▶

Apple

CVE-2021-30951: Safari 15.2↗2021-12-14

▶

Apple

CVE-2021-30951: macOS Monterey 12.1↗2021-12-13

▶

Apple

CVE-2021-30951: watchOS 8.3↗2021-12-13

▶