⚠ Actively exploited
Added to CISA KEV on 2022-06-27. Federal agencies required to patch by 2022-07-18. Required action: Apply updates per vendor instructions..

CVE-2021-30983Classic Buffer Overflow in Apple IOS AND Ipados

CWE-120Classic Buffer OverflowCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
7.8HIGHNVD
EPSS
0.5%
top 33.98%
CISA KEV
KEV
Added 2022-06-27
Due 2022-07-18
Exploit
Exploited in wild
Active exploitation observed
Affected products
3
Apple IOS AND IpadosApple IpadosApple Iphone OS
Timeline
PublishedAug 24
KEV addedJun 27
KEV dueJul 18
CISA Required Action: Apply updates per vendor instructions.

Description

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges.

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.8 | Impact: 5.9

Affected Packages3 packages

NVDapple/ipados< 15.2
CVEListV5apple/ios_and_ipadosunspecified15.2
NVDapple/iphone_os< 15.2

🔴Vulnerability Details

3
Project0
The curious tale of a fake Carrier.app - Project Zero2022-06-01
Project0
2022 0-day In-the-Wild Exploitation…so far - Project Zero2022-06-01
VulnCheck
Apple iOS and iPadOS Buffer Overflow Vulnerability2021

📋Vendor Advisories

1
CISA
Apple iOS and iPadOS Buffer Overflow Vulnerability2022-06-27
CVE-2021-30983 — Classic Buffer Overflow in Apple | cvebase