apple ipad-os CVE-2021-30900 vulnerability in Apple Products
Published on August 24, 2021

product logo product logo product logo
An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges.

Vendor Advisory Vendor Advisory Vendor Advisory NVD

Known Exploited Vulnerability

This Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability is part of CISA's list of Known Exploited Vulnerabilities. Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.

The following remediation steps are recommended / required by April 20, 2023: Apply updates per vendor instructions.

Vulnerability Analysis

CVE-2021-30900 is exploitable with local system access, requires user interaction. This vulnerability is considered to have a low attack complexity. It has an exploitability score of 1.8 out of four. The potential impact of an exploit of this vulnerability is considered to be very high.

What is a Memory Corruption Vulnerability?

The software writes data past the end, or before the beginning, of the intended buffer. Typically, this can result in corruption of data, a crash, or code execution. The software may modify an index or perform pointer arithmetic that references a memory location that is outside of the boundaries of the buffer. A subsequent write operation then produces undefined or unexpected results.

CVE-2021-30900 has been classified to as a Memory Corruption vulnerability or weakness.


Products Associated with CVE-2021-30900

You can be notified by stack.watch whenever vulnerabilities like CVE-2021-30900 are published in these products:

Apple iPad OS
 
Apple iOS
 
Apple Macos
 
Apple iPad OS
 

What versions are vulnerable to CVE-2021-30900?