CVE-2021-30661 vulnerability in Apple Products
Published on September 8, 2021
Known Exploited Vulnerability
This Apple iOS WebKit Storage Use-After-Free Remote Code Execution Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
The following remediation steps are recommended / required by November 17, 2021: Apply updates per vendor instructions.
Vulnerability Analysis
CVE-2021-30661 can be exploited with network access and requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 2.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.
What is a Dangling pointer Vulnerability?
Referencing memory after it has been freed can cause a program to crash, use unexpected values, or execute code.
CVE-2021-30661 has been classified as a Dangling pointer vulnerability or weakness.
What versions are vulnerable to CVE-2021-30661?
- Apple Safari: Fixed in Version 14.1
- Apple macOS: Version 11.0, Fixed in Version 11.3
- Apple tvOS: Fixed in Version 14.5
- Apple watchOS: Fixed in Version 7.4
- Apple iPadOS: Fixed in Version 14.5
- Apple iPhone OS: Fixed in Version 12.5.3
- Apple iPhone OS: Version 14.0, Fixed in Version 14.5