CVE-2021-30665

high-risk

Published 2021-09-08

A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

Do I need to act?

0.61% chance of exploitation

EPSS score — low exploit probability

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 8.8/10 High

NETWORK / LOW complexity

Affected Products (5)

Ipados

Iphone Os

Macos

Tvos

Watchos

Affected Vendors

Apple

References (11)

Release Notes https://support.apple.com/en-us/HT212335

Release Notes https://support.apple.com/en-us/HT212336

Release Notes https://support.apple.com/en-us/HT212339

Release Notes https://support.apple.com/en-us/HT212341

Release Notes https://support.apple.com/en-us/HT212532

Release Notes https://support.apple.com/en-us/HT212335

Release Notes https://support.apple.com/en-us/HT212336

Release Notes https://support.apple.com/en-us/HT212339

Release Notes https://support.apple.com/en-us/HT212341

Release Notes https://support.apple.com/en-us/HT212532

Third Party Advisory https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-...

/ 100

high-risk

Severity 30/34 · Critical

Exploitability 9/34 · Low

Exposure 12/34 · Low