CVE-2021-30858

Published: 24/08/2021 Updated: 21/09/2021
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

Apple iOS 14.8 and iPadOS 14.8 update: A use after free issue was addressed with improved memory management. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Updates are available for iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation).

Vulnerable Product

apple ipados

apple iphone os

apple macos

Vendor Advisories

About Apple security updates: For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference vulnerabilities by CVE-ID when possible ...

Github Repositories

CVE-2021-30858 Exploit: A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. Windows Binary PoC /CVE-2021-30858exe will run the exploit

Recent Articles

Apple emergency patches fix zero-click iMessage bug used to inject NSO spyware
The Register • Thomas Claburn in San Francisco • 13 Sep 2021

Separate flaw in WebKit also under attack squashed, too – and two zero-days in Chrome, as well

Updated Apple on Monday issued security patches for its mobile and desktop operating systems, and for its WebKit browser engine, to address two security flaws, at least one of which was, it is said, used by autocratic governments to spy on human rights advocates.
A day before the iGiant is expected to announce the iPhone 13, it released updates for iOS 14.8 and iPadOS 14.8, watchOS 7.6.2, and macOS Big Sur 11.6. Previous macOS releases Catalina (10.15) and Mojave (10.14) received updated v...

Apple fixes iOS zero-day used to deploy NSO iPhone spyware
BleepingComputer • Lawrence Abrams

Apple has released security updates to fix two zero-day vulnerabilities that have been seen exploited in the wild to attack iPhones and Macs. One is known to be used to install the Pegasus spyware on iPhones.
The vulnerabilities are tracked as CVE-2021-30860 and CVE-2021-30858, and both allow maliciously crafted documents to execute commands when opened on vulnerable devices.
The CVE-2021-30860 CoreGraphics vulnerability is an integer overflow bug discovered by
that allow...