CVE-2021-30952
high-risk
Published 2021-08-24
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Do I need to act?
~
1.2% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
!
CISA KEV: actively exploited in the wild
On the Known Exploited Vulnerabilities catalog — federal agencies must patch
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
7
CVSS 7.8/10
High
LOCAL
/ LOW complexity
Affected Products (12)
Affected Vendors
References (22)
Release Notes
https://support.apple.com/en-us/HT212975
Release Notes
https://support.apple.com/en-us/HT212976
Release Notes
https://support.apple.com/en-us/HT212978
Release Notes
https://support.apple.com/en-us/HT212980
Release Notes
https://support.apple.com/en-us/HT212982
Mailing List
https://www.debian.org/security/2022/dsa-5060
Mailing List
https://www.debian.org/security/2022/dsa-5061
Release Notes
https://support.apple.com/en-us/HT212975
Release Notes
https://support.apple.com/en-us/HT212976
Release Notes
https://support.apple.com/en-us/HT212978
Release Notes
https://support.apple.com/en-us/HT212980
Release Notes
https://support.apple.com/en-us/HT212982
Mailing List
https://www.debian.org/security/2022/dsa-5060
Mailing List
https://www.debian.org/security/2022/dsa-5061
and 2 more references
52
/ 100
high-risk
Severity
24/34 · High
Exploitability
11/34 · Low
Exposure
17/34 · Moderate