Attacker Value

Unknown

(0 users assessed)

Exploitability

Unknown

(0 users assessed)

User Interaction

Required

Privileges Required

None

Attack Vector

Network

1

CVE-2021-30858

Disclosure Date: August 24, 2021 •

CVE-2021-30858 CVSS v3 Base Score: 8.8

Exploited in the Wild

Reported by mkienow-r7 and 2 more...
View Source Details

Description

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Add Assessment

No one has assessed this topic. Be the first to add your voice to the community.

CVSS V3 Severity and Metrics

Data provided by the National Vulnerability Database (NVD)

Base Score:

8.8 High

Impact Score:

5.9

Exploitability Score:

2.8

Vector:

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Attack Vector (AV):

Network

Attack Complexity (AC):

Low

Privileges Required (PR):

None

User Interaction (UI):

Required

Scope (S):

Unchanged

Confidentiality (C):

High

Integrity (I):

High

Availability (A):

High

Vendors

apple,
debian,
fedoraproject

Products

debian linux 10.0,
debian linux 11.0,
fedora 33,
fedora 34,
ipados,
iphone os,
macos

Exploited in the Wild

Reported by:

mkienow-r7 indicated source as Vendor Advisory (https://support.apple.com/en-us/HT212807)

Reported: September 13, 2021 7:12pm UTC (3 years ago)

gwillcox-r7 indicated source as News Article or Blog (https://cybersecurityworks.com/blog/cyber-risk/pegasus-spyware-snoops-on-political-figures-worldwide.html)

Reported: February 21, 2023 5:14pm UTC (1 year ago)

AttackerKB Worker indicated source as Government or Industry Alert (https://www.cisa.gov/known-exploited-vulnerabilities-catalog)

Reported: November 08, 2024 8:13am UTC (4 days ago)

References

Canonical

CVE-2021-30858 (https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-30858)

Advisory

20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6 (http://seclists.org/fulldisclosure/2021/Sep/27)

20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8 (http://seclists.org/fulldisclosure/2021/Sep/25)

20210917 APPLE-SA-2021-09-13-5 Safari 14.1.2 (http://seclists.org/fulldisclosure/2021/Sep/29)

[oss-security] 20210920 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005 (http://www.openwall.com/lists/oss-security/2021/09/20/1)

FEDORA-2021-c00e45b6c0 (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/)

20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8 (http://seclists.org/fulldisclosure/2021/Sep/38)

20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6 (http://seclists.org/fulldisclosure/2021/Sep/39)

DSA-4975 (https://www.debian.org/security/2021/dsa-4975)

DSA-4976 (https://www.debian.org/security/2021/dsa-4976)

https://support.apple.com/kb/HT212824

20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5 (http://seclists.org/fulldisclosure/2021/Sep/50)

FEDORA-2021-edf6957b7d (https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/)

[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 (http://www.openwall.com/lists/oss-security/2021/10/26/9)

[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 (http://www.openwall.com/lists/oss-security/2021/10/27/1)

[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 (http://www.openwall.com/lists/oss-security/2021/10/27/2)

[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 (http://www.openwall.com/lists/oss-security/2021/10/27/4)

Miscellaneous

https://support.apple.com/en-us/HT212804

https://support.apple.com/en-us/HT212807

Rapid7

Technical Analysis