cve-2021-30858
Vulnerability from cvelistv5
Published
2021-08-24 18:49
Modified
2024-08-03 22:48
Severity ?
Summary
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
References
product-security@apple.comhttp://seclists.org/fulldisclosure/2021/Sep/25Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2021/Sep/27Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2021/Sep/29Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2021/Sep/38Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2021/Sep/39Mailing List, Third Party Advisory
product-security@apple.comhttp://seclists.org/fulldisclosure/2021/Sep/50Mailing List, Third Party Advisory
product-security@apple.comhttp://www.openwall.com/lists/oss-security/2021/09/20/1Mailing List
product-security@apple.comhttp://www.openwall.com/lists/oss-security/2021/10/26/9Mailing List
product-security@apple.comhttp://www.openwall.com/lists/oss-security/2021/10/27/1Mailing List
product-security@apple.comhttp://www.openwall.com/lists/oss-security/2021/10/27/2Mailing List
product-security@apple.comhttp://www.openwall.com/lists/oss-security/2021/10/27/4Mailing List
product-security@apple.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/Release Notes
product-security@apple.comhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/Release Notes
product-security@apple.comhttps://support.apple.com/en-us/HT212804Third Party Advisory
product-security@apple.comhttps://support.apple.com/en-us/HT212807Third Party Advisory
product-security@apple.comhttps://support.apple.com/kb/HT212824Third Party Advisory
product-security@apple.comhttps://www.debian.org/security/2021/dsa-4975Mailing List, Third Party Advisory
product-security@apple.comhttps://www.debian.org/security/2021/dsa-4976Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2021/Sep/25Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2021/Sep/27Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2021/Sep/29Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2021/Sep/38Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2021/Sep/39Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://seclists.org/fulldisclosure/2021/Sep/50Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/09/20/1Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/10/26/9Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/10/27/1Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/10/27/2Mailing List
af854a3a-2127-422b-91ae-364da2661108http://www.openwall.com/lists/oss-security/2021/10/27/4Mailing List
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/Release Notes
af854a3a-2127-422b-91ae-364da2661108https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/Release Notes
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT212804Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/en-us/HT212807Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://support.apple.com/kb/HT212824Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4975Mailing List, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108https://www.debian.org/security/2021/dsa-4976Mailing List, Third Party Advisory
Impacted products
Vendor Product Version
Apple iOS Version: unspecified   < 14.8
CISA Known exploited vulnerability
Data from the Known Exploited Vulnerabilities Catalog

Date added: 2021-11-03

Due date: 2021-11-17

Required action: Apply updates per vendor instructions.

Used in ransomware: Unknown

Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-30858

Show details on NVD website


{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-03T22:48:13.458Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212804"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://support.apple.com/en-us/HT212807"
          },
          {
            "name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/27"
          },
          {
            "name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/25"
          },
          {
            "name": "20210917 APPLE-SA-2021-09-13-5 Safari 14.1.2",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/29"
          },
          {
            "name": "[oss-security] 20210920 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"
          },
          {
            "name": "FEDORA-2021-c00e45b6c0",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/"
          },
          {
            "name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/38"
          },
          {
            "name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/39"
          },
          {
            "name": "DSA-4975",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4975"
          },
          {
            "name": "DSA-4976",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4976"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://support.apple.com/kb/HT212824"
          },
          {
            "name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5",
            "tags": [
              "mailing-list",
              "x_refsource_FULLDISC",
              "x_transferred"
            ],
            "url": "http://seclists.org/fulldisclosure/2021/Sep/50"
          },
          {
            "name": "FEDORA-2021-edf6957b7d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/"
          },
          {
            "name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
          },
          {
            "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
          },
          {
            "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
          },
          {
            "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "macOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "11.6",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        },
        {
          "product": "iOS",
          "vendor": "Apple",
          "versions": [
            {
              "lessThan": "14.8",
              "status": "affected",
              "version": "unspecified",
              "versionType": "custom"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-10-27T20:06:21",
        "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
        "shortName": "apple"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212804"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://support.apple.com/en-us/HT212807"
        },
        {
          "name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Sep/27"
        },
        {
          "name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Sep/25"
        },
        {
          "name": "20210917 APPLE-SA-2021-09-13-5 Safari 14.1.2",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Sep/29"
        },
        {
          "name": "[oss-security] 20210920 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"
        },
        {
          "name": "FEDORA-2021-c00e45b6c0",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/"
        },
        {
          "name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Sep/38"
        },
        {
          "name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Sep/39"
        },
        {
          "name": "DSA-4975",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4975"
        },
        {
          "name": "DSA-4976",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4976"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://support.apple.com/kb/HT212824"
        },
        {
          "name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5",
          "tags": [
            "mailing-list",
            "x_refsource_FULLDISC"
          ],
          "url": "http://seclists.org/fulldisclosure/2021/Sep/50"
        },
        {
          "name": "FEDORA-2021-edf6957b7d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/"
        },
        {
          "name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
        },
        {
          "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
        },
        {
          "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
        },
        {
          "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "product-security@apple.com",
          "ID": "CVE-2021-30858",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "macOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "11.6"
                          }
                        ]
                      }
                    },
                    {
                      "product_name": "iOS",
                      "version": {
                        "version_data": [
                          {
                            "version_affected": "\u003c",
                            "version_value": "14.8"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "Apple"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://support.apple.com/en-us/HT212804",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212804"
            },
            {
              "name": "https://support.apple.com/en-us/HT212807",
              "refsource": "MISC",
              "url": "https://support.apple.com/en-us/HT212807"
            },
            {
              "name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Sep/27"
            },
            {
              "name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Sep/25"
            },
            {
              "name": "20210917 APPLE-SA-2021-09-13-5 Safari 14.1.2",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Sep/29"
            },
            {
              "name": "[oss-security] 20210920 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"
            },
            {
              "name": "FEDORA-2021-c00e45b6c0",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/"
            },
            {
              "name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Sep/38"
            },
            {
              "name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Sep/39"
            },
            {
              "name": "DSA-4975",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4975"
            },
            {
              "name": "DSA-4976",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4976"
            },
            {
              "name": "https://support.apple.com/kb/HT212824",
              "refsource": "CONFIRM",
              "url": "https://support.apple.com/kb/HT212824"
            },
            {
              "name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5",
              "refsource": "FULLDISC",
              "url": "http://seclists.org/fulldisclosure/2021/Sep/50"
            },
            {
              "name": "FEDORA-2021-edf6957b7d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/"
            },
            {
              "name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"
            },
            {
              "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"
            },
            {
              "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"
            },
            {
              "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006",
              "refsource": "MLIST",
              "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c",
    "assignerShortName": "apple",
    "cveId": "CVE-2021-30858",
    "datePublished": "2021-08-24T18:49:23",
    "dateReserved": "2021-04-13T00:00:00",
    "dateUpdated": "2024-08-03T22:48:13.458Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "cisa_known_exploited": {
      "cveID": "CVE-2021-30858",
      "cwes": "[\"CWE-416\"]",
      "dateAdded": "2021-11-03",
      "dueDate": "2021-11-17",
      "knownRansomwareCampaignUse": "Unknown",
      "notes": "https://nvd.nist.gov/vuln/detail/CVE-2021-30858",
      "product": "iOS, iPadOS, and macOS",
      "requiredAction": "Apply updates per vendor instructions.",
      "shortDescription": "Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.",
      "vendorProject": "Apple",
      "vulnerabilityName": "Apple iOS, iPadOS, macOS Use-After-Free Vulnerability"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2021-30858\",\"sourceIdentifier\":\"product-security@apple.com\",\"published\":\"2021-08-24T19:15:14.253\",\"lastModified\":\"2024-11-21T06:04:51.323\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.\"},{\"lang\":\"es\",\"value\":\"Se ha solucionado un problema de uso despu\u00e9s de la liberaci\u00f3n con una mejor gesti\u00f3n de la memoria. Este problema se ha solucionado en iOS 14.8 y iPadOS 14.8, macOS Big Sur 11.6. El procesamiento de contenido web malicioso puede conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H\",\"baseScore\":8.8,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"REQUIRED\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.8,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:P\",\"baseScore\":6.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"PARTIAL\"},\"baseSeverity\":\"MEDIUM\",\"exploitabilityScore\":8.6,\"impactScore\":6.4,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":true}]},\"cisaExploitAdd\":\"2021-11-03\",\"cisaActionDue\":\"2021-11-17\",\"cisaRequiredAction\":\"Apply updates per vendor instructions.\",\"cisaVulnerabilityName\":\"Apple iOS, iPadOS, macOS Use-After-Free Vulnerability\",\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.1\",\"versionEndExcluding\":\"14.8\",\"matchCriteriaId\":\"6B243B4E-56A5-4950-A291-13EF0E402185\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"12.5.5\",\"matchCriteriaId\":\"5998D71C-A481-4F0C-AA06-B1FF0E6664A0\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"13.0\",\"versionEndExcluding\":\"14.8\",\"matchCriteriaId\":\"478E12B4-50EB-4CB2-9C50-D8F08127FB12\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"11.6\",\"matchCriteriaId\":\"5F52D69C-8621-4E01-ABDE-8473A590BCB6\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"A930E247-0B43-43CB-98FF-6CE7B8189835\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"FA6FEEC2-9F11-4643-8827-749718254FED\"}]}]}],\"references\":[{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/25\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/27\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/29\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/38\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/39\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/50\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/09/20/1\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/10/26/9\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/10/27/1\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/10/27/2\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/10/27/4\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/\",\"source\":\"product-security@apple.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://support.apple.com/en-us/HT212804\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212807\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212824\",\"source\":\"product-security@apple.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4975\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4976\",\"source\":\"product-security@apple.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/25\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/27\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/29\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/38\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/39\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://seclists.org/fulldisclosure/2021/Sep/50\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/09/20/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/10/26/9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/10/27/1\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/10/27/2\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"http://www.openwall.com/lists/oss-security/2021/10/27/4\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://support.apple.com/en-us/HT212804\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/en-us/HT212807\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://support.apple.com/kb/HT212824\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4975\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4976\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]}]}}"
  }
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.


Loading…

Loading…

Loading…

Sightings

Author Source Type Date

Nomenclature

  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.