CVE-2021-30984 — Race Condition in Apple IOS AND Ipados

CWE-362 — Race Condition10 documents7 sources

Severity

7.5HIGHNVD

EPSS

0.7%

top 28.23%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple IOS AND Ipados Apple Macos Apple Watchos +6 more

Timeline

PublishedAug 24

Latest updateJan 27

Description

A race condition was addressed with improved state handling. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:HExploitability: 1.6 | Impact: 5.9

Affected Packages9 packages

▶NVDapple/tvos< 15.2

▶CVEListV5apple/macosunspecified — 12.1+1

▶NVDapple/macos< 12.1

▶NVDapple/ipados< 15.2

▶NVDapple/safari< 15.2

Also affects: Debian Linux 10.0, 11.0, Fedora 34, 35

🔴Vulnerability Details

CVEList

CVE-2021-30984: A race condition was addressed with improved state handling↗2021-08-24

▶

OSV

CVE-2021-30984: A race condition was addressed with improved state handling↗2021-08-24

▶

📋Vendor Advisories

Ubuntu

WebKitGTK vulnerabilities↗2022-01-27

▶

Red Hat

webkitgtk: Processing maliciously crafted web content may lead to arbitrary code execution↗2022-01-21

▶

Apple

CVE-2021-30984: Safari 15.2↗2021-12-14

▶

Apple

CVE-2021-30984: macOS Monterey 12.1↗2021-12-13

▶

Apple

CVE-2021-30984: watchOS 8.3↗2021-12-13

▶