CVE-2021-30807

high-risk

Published 2021-10-19

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Do I need to act?

24.5% chance of exploitation in next 30 days

EPSS score — higher than 76% of all CVEs

CISA KEV: actively exploited in the wild

On the Known Exploited Vulnerabilities catalog — federal agencies must patch

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 7.8/10 High

LOCAL / LOW complexity

Affected Products (4)

Ipados

Iphone Os

Macos

Watchos

Affected Vendors

Apple

References (7)

Release Notes https://support.apple.com/en-us/HT212622

Release Notes https://support.apple.com/en-us/HT212623

Release Notes https://support.apple.com/en-us/HT212713

Release Notes https://support.apple.com/en-us/HT212622

Release Notes https://support.apple.com/en-us/HT212623

Release Notes https://support.apple.com/en-us/HT212713

Third Party Advisory https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-...

/ 100

high-risk

Severity 24/34 · High

Exploitability 22/34 · High

Exposure 10/34 · Low