Vulnerability Details : CVE-2021-30849
Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, iTunes 12.12 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
Vulnerability category: Memory Corruption
Products affected by CVE-2021-30849
- cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*
- cpe:2.3:a:apple:itunes:*:*:*:*:*:windows:*:*
- cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
- cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
Threat overview for CVE-2021-30849
Top countries where our scanners detected CVE-2021-30849
- Top open port discovered on systems with this issue: 3689
- IPs affected by CVE-2021-30849: 279
- Threat actors abusing this issue? Yes
Exploit prediction scoring system (EPSS) score for CVE-2021-30849
- 0.15%: probability of exploitation activity in the next 30 days
- ~ 51%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2021-30849
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P | 8.6 | 6.4 | NIST | |
7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H | 1.8 | 5.9 | NIST | |
CWE ids for CVE-2021-30849
- The product writes data past the end, or before the beginning, of the intended buffer. Assigned by: nvd@nist.gov (Primary)
References for CVE-2021-30849
- http://www.openwall.com/lists/oss-security/2021/10/27/2
  oss-security - Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 (Mailing List)
- http://seclists.org/fulldisclosure/2021/Oct/60
  Full Disclosure: APPLE-SA-2021-10-26-8 Additional information for APPLE-SA-2021-09-20-5 Safari 15 (Mailing List; Third Party Advisory)
- https://support.apple.com/kb/HT212869
  About the security content of macOS Monterey 12.0.1 - Apple Support (Vendor Advisory)
- https://support.apple.com/en-us/HT212807
  About the security content of iOS 14.8 and iPadOS 14.8 - Apple Support (Vendor Advisory)
- https://support.apple.com/en-us/HT212814
  About the security content of iOS 15 and iPadOS 15 - Apple Support (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2021/10/27/4
  oss-security - Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 (Mailing List)
- http://www.openwall.com/lists/oss-security/2021/10/27/1
  oss-security - Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 (Mailing List)
- http://seclists.org/fulldisclosure/2021/Oct/62
  Full Disclosure: APPLE-SA-2021-10-26-10 Additional information for APPLE-SA-2021-09-20-2 watchOS 8 (Mailing List; Third Party Advisory)
- http://seclists.org/fulldisclosure/2021/Oct/61
  Full Disclosure: APPLE-SA-2021-10-26-9 Additional information for APPLE-SA-2021-09-20-1 iOS 15 and iPadOS 15 (Mailing List; Third Party Advisory)
- https://support.apple.com/en-us/HT212816
  About the security content of Safari 15 - Apple Support (Vendor Advisory)
- https://support.apple.com/en-us/HT212817
  About the security content of iTunes 12.12 for Windows - Apple Support (Vendor Advisory)
- https://support.apple.com/en-us/HT212819
  About the security content of watchOS 8 - Apple Support (Vendor Advisory)
- https://support.apple.com/en-us/HT212815
  About the security content of tvOS 15 - Apple Support (Vendor Advisory)
- https://support.apple.com/kb/HT212953
  About the security content of iCloud for Windows 13 - Apple Support (Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2021/10/26/9
  oss-security - WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 (Mailing List)
- http://seclists.org/fulldisclosure/2021/Oct/63
  Full Disclosure: APPLE-SA-2021-10-26-11 Additional information for APPLE-SA-2021-09-20-3 tvOS 15 (Mailing List; Third Party Advisory)