8.8
CVSSv3

CVE-2021-30858

Published: 24/08/2021 Updated: 03/12/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apple iOS 14.8 and iPadOS 14.8 update: A use after free issue was addressed with improved memory management. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Updates are Available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Most Upvoted Vulmon Research Post

There is no Researcher post for this vulnerability
Would you like to share something about it? Sign up now to share your knowledge with the community.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

apple ipados

apple iphone os

apple macos

fedoraproject fedora 33

fedoraproject fedora 34

debian debian linux 10.0

debian debian linux 11.0

Vendor Advisories

The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-30858 An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution Apple is aware of a report that this issue may have been actively exploited For the oldstable distribution (buster ...
The following vulnerabilities have been discovered in the wpewebkit web engine: CVE-2021-30858 An anonymous researcher discovered that processing maliciously crafted web content may lead to arbitrary code execution Apple is aware of a report that this issue may have been actively exploited For the stable distribution (bullseye), ...
A use after free issue was addressed with improved memory management This issue is fixed in iOS 148 and iPadOS 148, macOS Big Sur 116 Processing maliciously crafted web content may lead to arbitrary code execution Apple is aware of a report that this issue may have been actively exploited ...
A flaw was found in webkitgtk This flaw could allow an attacker to use maliciously crafted web content leading to arbitrary code execution (CVE-2021-30858) ...
A security issue has been found in WebKitGTK and WPE WebKit before 2324 Processing maliciously crafted web content may lead to arbitrary code execution Apple is aware of a report that this issue may have been actively exploited ...
A use-after-free flaw was found in WebKitGTK Specially crafted web content could use this flaw to trigger an arbitrary code execution when processed (CVE-2021-30809) A confusion type flaw was found in WebKitGTK Specially crafted web content could use this flaw to trigger an arbitrary code execution when processed (CVE-2021-30818) A logic issue ...

Mailing Lists

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-09-13-3 macOS Big Sur 116 macOS Big Sur 116 addresses the following issues Information about the security content is also available at supportapplecom/HT212804 CoreGraphics Available for: macOS Big Sur Impact: Processing a maliciously crafted PDF may lead to arbitrary co ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-09-13-1 iOS 148 and iPadOS 148 iOS 148 and iPadOS 148 addresses the following issues Information about the security content is also available at supportapplecom/HT212807 CoreGraphics Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-09-13-5 Safari 1412 Safari 1412 addresses the following issues Information about the security content is also available at supportapplecom/HT212808 WebKit Available for: macOS Catalina and macOS Mojave Impact: Processing maliciously crafted web content may lead to arbi ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-09-23-1 iOS 1255 iOS 1255 addresses the following issues Information about the security content is also available at supportapplecom/HT212824 CoreGraphics Available for: iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generat ...
------------------------------------------------------------------------ WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005 ------------------------------------------------------------------------ Date reported : September 20, 2021 Advisory ID : WSA-2021-0005 WebKitGTK Advisory URL : webkitgtko ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 148 and iPadOS 148 iOS 148 and iPadOS 148 addresses the following issues Information about the security content is also available at supportapplecom/HT212807 Bluetooth Available for: iPhone 6s and later, iPad ...
------------------------------------------------------------------------ WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006 ------------------------------------------------------------------------ Date reported : October 26, 2021 Advisory ID : WSA-2021-0006 WebKitGTK Advisory URL : webkitgtkorg ...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 116 macOS Big Sur 116 addresses the following issues Information about the security content is also available at supportapplecom/HT212804 CoreGraphics Available for: macOS Big Sur Impact: Processing ...

Github Repositories

CVE-2021-30858 Poc -> By Sleirsgoevy All credit goes to Sleirsgoevy This for ps4 user below 900 who get SyntaxError

双击bat-delbat可删除更新历史 双击batbat不删除更新历史 1html 1545html 1775html 1851html 1915html 1924html 1999html 2201html 2204html CVE-2019-8689html CVE-2021-30858html

CVE-2021-30858 Exploit A use after free issue was addressed with improved memory management This issue is fixed in iOS 148 and iPadOS 148, macOS Big Sur 116 Processing maliciously crafted web content may lead to arbitrary code execution Apple is aware of a report that this issue may have been actively exploited Windows Binary PoC /CVE-2021-30858exe will run the exploit

CVEREV3 Testing CVE-2021-30858 Rev3

CVE-202130858 (Meant for testing on iOS) Hi there! Thanks for testing out my first ever Github repository & attempt of an implementation of an iOS (and technically PS4) webkit exploit! So you are aware: I did not discover this exploit, and I also did not write most of this code So far, I have started off with modifying existing code to begin to learn how this all works

PS4-CVE-202130858 (Meant for testing on a Sony Playstation 4 of any flavor) Hi there! Thanks for testing out my second Github repository & attempt to implement of a Playstation 4 webkit vulnerability test! So you are aware: I did not discover this exploit, and I also did not write most of this code So far, I have started off with modifying existing code to begin to lea

ps4_800_vuln_poc My take on CVE-2021-30858 for ps4 8xx

ps4_8xx_vuln_poc My take on CVE-2021-30858 for ps4 8xx

# Exploring the Playstation 5 Security - Userland Introduction The PlayStation 5 was released on November 12th 2020 While it's similar to the PS4 in it's architecture, the security model is vastly improved on both kernel and userland fronts Below is some key system information on system software and some of the changes from the last generation Uses FreeBSD 11

# Exploring the Playstation 5 Security - Userland Introduction The PlayStation 5 was released on November 12th 2020 While it's similar to the PS4 in it's architecture, the security model is vastly improved on both kernel and userland fronts Below is some key system information on system software and some of the changes from the last generation Uses FreeBSD 11

PIA Ingresa el siguiente comando en tu terminal si tienes alguna duda acerca de las --flags que usa el script y para qué sirve cada una: $ python3 piapy -h Tabla de contenidos: Archivos Descripción mainpy Este archivo se usará para ejecutar todas las funciones del script que desees, aunque puedes usar el arch

PoC in GitHub 2021 CVE-2021-1056 (2021-01-07) NVIDIA GPU Display Driver for Linux, all versions, contains a vulnerability in the kernel mode layer (nvidiako) in which it does not completely honor operating system file system permissions to provide GPU device-level isolation, which may lead to denial of service or information disclosure pokerfaceSad/CVE-2021-1056 CVE-2021-

Recent Articles

Apple Patches 3 More Zero-Days Under Active Attack
Threatpost • Elizabeth Montalbano • 24 Sep 2021

Apple has patched three actively exploited zero-day security vulnerabilities in updates to iOS and macOS, one of which can allow an attacker to execute arbitrary code with kernel privileges.
Apple released two updates on Thursday: iOS 12.5.5, which patches three zero-days that affect older versions of iPhone and iPod devices, and Security Update 2021-006 Catalina for macOS Catalina, which patches one of same vulnerabilities, CVE-2021-30869, that also affects macOS.
The XNU kernel vul...

Apple emergency patches fix zero-click iMessage bug used to inject NSO spyware
The Register • Thomas Claburn in San Francisco • 13 Sep 2021

Get our weekly newsletter Separate flaw in WebKit also under attack squashed, too – and two zero-days in Chrome, as well

Updated Apple on Monday issued security patches for its mobile and desktop operating systems, and for its WebKit browser engine, to address two security flaws, at least one of which was, it is said, used by autocratic governments to spy on human rights advocates.
A day before the iGiant is expected to announce the iPhone 13, it released updates for iOS 14.8 and iPadOS 14.8, watchOS 7.6.2, and macOS Big Sur 11.6. Previous macOS releases Catalina (10.15) and Mojave (10.14) received updated v...

Apple fixes iOS zero-day used to deploy NSO iPhone spyware
BleepingComputer • Lawrence Abrams • 01 Jan 1970

Apple has released security updates to fix two zero-day vulnerabilities that have been seen exploited in the wild to attack iPhones and Macs. One is known to be used to install the Pegasus spyware on iPhones.
The vulnerabilities are tracked as CVE-2021-30860 and CVE-2021-30858, and both allow maliciously crafted documents to execute commands when opened on vulnerable devices.
The CVE-2021-30860 CoreGraphics vulnerability is an integer overflow bug discovered by
that allow...