CVE-2021-30661
HIGH KEVSafari < 14.1 - Use-After-Free via Maliciously Crafted Web Content
Title source: llmExploitation Summary
CVE-2021-30661 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021.
Description
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
References (7)
Core 7
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212317
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212323
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212324
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212325
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212341
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212318
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30661
Scores
CVSS v3
8.8
EPSS
0.0005
EPSS Percentile
16.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2021-11-03
VulnCheck KEV
2021-04-26
InTheWild.io
2021-04-26
ENISA EUVD
EUVD-2021-17578
CWE
CWE-416
Status
published
Products (6)
apple/ipados
< 14.5
apple/iphone_os
< 12.5.3
apple/macos
11.0 - 11.3
apple/safari
< 14.1
apple/tvos
< 14.5
apple/watchos
< 7.4
Published
Sep 08, 2021
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026