CVE-2021-30883

Published: 24/08/2021 Updated: 07/11/2023
CVSS v2 Base Score: 9.3 | Impact Score: 10 | Exploitability Score: 8.6
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 829
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C

Vulnerability Summary

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Vulnerable Product

apple macos 12.0

apple iphone os 15.0

apple ipad os

apple iphone os

apple macos

apple tvos

apple watchos

apple iphone os 15.0.1

apple ipados 15.0

apple ipados 15.0.1

Mailing Lists

APPLE-SA-2021-10-26-7 tvOS 15.1: tvOS 15.1 addresses the following issues. Information about the security content is also available at support.apple.com/HT212876. Audio. Available for: Apple TV 4K and Apple TV HD. Impact: A malicious application may be able to elevate privileges. Description: A ...

APPLE-SA-2021-10-26-2 iOS 14.8.1 and iPadOS 14.8.1: iOS 14.8.1 and iPadOS 14.8.1 addresses the following issues. Information about the security content is also available at support.apple.com/HT212868. Audio. Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad ...

APPLE-SA-2021-10-26-4 macOS Big Sur 11.6.1: macOS Big Sur 11.6.1 addresses the following issues. Information about the security content is also available at support.apple.com/HT212872. AppleScript. Available for: macOS Big Sur. Impact: Processing a maliciously crafted AppleScript binary may re ...

APPLE-SA-2021-10-26-6 watchOS 8.1: watchOS 8.1 addresses the following issues. Information about the security content is also available at support.apple.com/HT212874. Audio. Available for: Apple Watch Series 3 and later. Impact: A malicious application may be able to elevate privileges. Descrip ...

APPLE-SA-2021-10-11-1 iOS 15.0.2 and iPadOS 15.0.2: iOS 15.0.2 and iPadOS 15.0.2 addresses the following issues. Information about the security content is also available at support.apple.com/HT212846. IOMobileFrameBuffer. Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 a ...

APPLE-SA-2021-10-26-3 macOS Monterey 12.0.1: macOS Monterey 12.0.1 addresses the following issues. Information about the security content is also available at support.apple.com/HT212869. AppKit. Available for: Mac Pro (2013 and later), MacBook Air (Early 2015 and later), MacBook Pro (Early 20 ...

Github Repositories

Bindiff and POC for the IOMFB vulnerability, iOS 15.0.2. A short blogpost about CVE-2021-30883, patched in iOS 15.0.2. Blogpost is here

Gexo is an ????-tethered (probably has to be rootless) iOS 15, 15.0.1, ~~15.0.2~~, 15.1 Beta 3, 15.1, & 15.1.1 jailbreak

Gexo (previously Fugu15) - ????-??tethered iOS 15 Jailbreak. Gexo is an (most definitely incomplete) iOS 15 Jailbreak, using bind mounts (thanks siguza) or being rootless. The CVE numbers of the vulnerabilities I used are: CVE-2021-30883 & CVE-2021-30955. Supported Devices/iOS Versions: Gexo should support all arm64e devices (iPhone XS and newer) on iOS 15, 15.0.1, 15.0.2

Recent Articles

Microsoft Patch Tuesday bug harvest festival comes to town
The Register • Thomas Claburn in San Francisco • 12 Oct 2021

With 71 new CVEs, there are patches enough for everyone

Microsoft's October Patch Tuesday has arrived with fixes for 71 new CVEs, two patch revisions to address bugs from previous months that just won't die, and three CVEs tied to OpenSSL flaws. That's in addition to eight Edge-Chromium CVEs dealt with earlier this month. Two of the fresh bugs are rated Critical, 68 are designated Important, and one is rated Low severity. Four among the overall October harvest have been publicly disclosed, including one from July, an Azure AD security feature bypass ...

Apple patches 'actively exploited' iPhone zero-day with iOS 15.0.2 update
The Register • Gareth Corfield • 12 Oct 2021

Tech breakdown and proof-of-concept code is already out there

If you're using an iPhone, install the iOS 15.0.2 update immediately: Apple has warned that the latest OS upgrade patches an "actively exploited" zero-day. Described as a "memory corruption issue" by Apple, the vuln is present within the IOMobileFrameBuffer kernel extension, used for managing display memory. Malicious applications are said to be capable of triggering an integer overflow in the framebuffer, permitting execution of arbitrary code with kernel privileges. The bug, publicly tracked a...

Google: How we tackled this iPhone, Android spyware
The Register • Jessica Lyons Hardcastle • 01 Jan 1970

Watching people's every move and collecting their info – not on our watch, says web ads giant

Spyware developed by Italian firm RCS Labs was used to target cellphones in Italy and Kazakhstan — in some cases with an assist from the victims' cellular network providers, according to Google's Threat Analysis Group (TAG). RCS Labs customers include law-enforcement agencies worldwide, according to the vendor's website. It's one of more than 30 outfits Google researchers are tracking that sell exploits or surveillance capabilities to government-backed groups. And we're told this particular sp...