8.8
CVSSv3

CVE-2021-30858

Published: 24/08/2021 Updated: 07/11/2023
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
VMScore: 607
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apple iOS 14.8 and iPadOS 14.8 update: A use after free issue was addressed with improved memory management. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Vulnerable Product

apple macos

apple iphone os

apple ipados

fedoraproject fedora 33

fedoraproject fedora 34

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

The following vulnerabilities have been discovered in the wpewebkit web engine: CVE-2021-30858: An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. For the stable distribution (bullseye), ...
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-30858: An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. For the oldstable distribution (buster ...
A flaw was found in webkitgtk. This flaw could allow an attacker to use maliciously crafted web content leading to arbitrary code execution (CVE-2021-30858) ...
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited ...
A security issue has been found in WebKitGTK and WPE WebKit before 2324. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited ...
A use-after-free flaw was found in WebKitGTK. Specially crafted web content could use this flaw to trigger an arbitrary code execution when processed (CVE-2021-30809). A confusion type flaw was found in WebKitGTK. Specially crafted web content could use this flaw to trigger an arbitrary code execution when processed (CVE-2021-30818). A logic issue ...

Mailing Lists

Full Disclosure mailing list archives: APPLE-SA-2021-09-13-5 Safari 1412. From: Apple Product Securit ...
oss-sec mailing list archives: Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006. From: Salv ...
oss-sec mailing list archives: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005. From: Carlos A ...
oss-sec mailing list archives: Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006. From: Samu ...

Github Repositories

Hi there! Thanks for testing out my first Github repository & attempt to implement a webkit vulnerability test! So you are aware: I did not discover this exploit, and I also did not write most of this code. So far, I have started off with modifying existing code to begin to learn how this all works. Let me know how your experience went!

fitterminatorgithubio/CVE-202130858 CVE-202130858 (Intended for testing on an Apple iOS device or a Sony Playstation 4 of any flavor) Hi there! Thanks for testing out my first Github repository & attempt to implement a webkit vulnerability test! So you are aware: I did not discover this exploit, and I also did not write most of this code. So far, I have starte

VERY simple code to check if the browser is compatible or not

PS4CVE202130858: VERY simple code to check if the ps4 browser is patched or not. Original post: googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-30858.html

Testing CVE-2021-30858 Rev3

CVEREV3: Testing CVE-2021-30858 Rev3. Original post: googleprojectzero.github.io/0days-in-the-wild/0day-RCAs/2021/CVE-2021-30858.html

ROP userland execution for PS5 (4.03)

# Exploring the Playstation 5 Security - Userland Introduction The PlayStation 5 was released on November 12th 2020. While it's similar to the PS4 in its architecture, the security model is vastly improved on both kernel and userland fronts. Below is some key system information on system software and some of the changes from the last generation. Uses FreeBSD 11

Recent Articles

Apple emergency patches fix zero-click iMessage bug used to inject NSO spyware
The Register • Thomas Claburn in San Francisco • 13 Sep 2021

Separate flaw in WebKit also under attack squashed, too – and two zero-days in Chrome, as well

Updated Apple on Monday issued security patches for its mobile and desktop operating systems, and for its WebKit browser engine, to address two security flaws, at least one of which was, it is said, used by autocratic governments to spy on human rights advocates. A day before the iGiant is expected to announce the iPhone 13, it released updates for iOS 14.8 and iPadOS 14.8, watchOS 7.6.2, and macOS Big Sur 11.6. Previous macOS releases Catalina (10.15) and Mojave (10.14) received updated version...