cve-2021-30665
Vulnerability from cvelistv5
Published
2021-09-08 14:25
Modified
2024-08-03 22:40
Severity ?
Summary
A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Impacted products
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2021-11-03

Due date: 2021-11-17

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-30665

Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:40:31.995Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212532"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212341"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212335"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212336"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212339"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.3",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "7.4",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "12.5",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-09-08T14:25:00",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212532"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212341"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212335"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212336"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212339"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2021-30665",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "11.3"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "14.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "7.4"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "12.5"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "14.6"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212532",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212532"
            },
            {
              "name": "https://support.apple.com/en-us/HT212341",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212341"
            },
            {
              "name": "https://support.apple.com/en-us/HT212335",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212335"
            },
            {
              "name": "https://support.apple.com/en-us/HT212336",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212336"
            },
            {
              "name": "https://support.apple.com/en-us/HT212339",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212339"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2021-30665",
    "datePublished": "2021-09-08T14:25:00",
    "dateReserved": "2021-04-13T00:00:00",
    "dateUpdated": "2024-08-03T22:40:31.995Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2021-30665",
      "cwes": "[\"CWE-787\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-11-17",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2021-30665",
      "product": "Multiple Products",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Apple iOS, iPadOS, macOS, watchOS, and tvOS WebKit contain a memory corruption vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.",
      "vendorProject": "Apple",
      "vulnerabilityName": "Apple Multiple Products WebKit Memory Corruption Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-30665\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2021-09-08T15:15:13.507\",\"lastModified\":\"2024-05-16T01:00:02.197\",\"vulnStatus\":\"Analyzed\",\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2021-11-17\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Apple Multiple Products WebKit Memory Corruption Vulnerability\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS 7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..\"},{\"lang\":\"es\",\"value\":\"Se abord\u00f3 un problema de corrupci\u00f3n de la memoria con una administraci\u00f3n de estado mejorada. Este problema es corregido en watchOS versi\u00f3n 7.4.1, iOS versi\u00f3n 14.5.1 y iPadOS versi\u00f3n 14.5.1, tvOS versi\u00f3n 14.6, iOS versi\u00f3n 12.5.3, macOS Big Sur versi\u00f3n 11.3.1. El procesamiento de contenido web maliciosamente dise\u00f1ado puede conllevar a una ejecuci\u00f3n de c\u00f3digo arbitrario. Apple est\u00e1 al tanto de un informe de que este problema puede haber sido explotado activamente\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\",\"baseScore\":6.8},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.5.1\",\"matchCriteriaId\":\"5B359E58-3DFD-430B-8630-EDFE22A986A8\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.5.3\",\"matchCriteriaId\":\"443BF1FD-EC67-437D-A9CA-EEB3EF25B701\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"14.5.1\",\"matchCriteriaId\":\"C34E22EA-B0D1-4830-A946-EAA740419204\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.3.1\",\"matchCriteriaId\":\"9C5F498C-9B91-4888-9BA1-905836A40C64\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"14.6\",\"matchCriteriaId\":\"9076D8C8-70CD-4DE5-8BAE-8CA6A5BEDDB3\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"7.4.1\",\"matchCriteriaId\":\"F2A1D20A-1C0B-4642-883F-D8295A897DF9\"}]}]}],\"references\":[{\"url\":\"https://support.apple.com/en-us/HT212335\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212336\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212339\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212341\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212532\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\",\"Vendor Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading...

Loading...

Loading...
  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.