CVE-2021-30663
HIGH KEVApple OSes and Safari - Code Execution via Malicious Web Content
Title source: manualExploitation Summary
CVE-2021-30663 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021.
Description
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.
References (6)
Core 6
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212532
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212534
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212341
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212335
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212336
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30663
Scores
CVSS v3
8.8
EPSS
0.0088
EPSS Percentile
75.9%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2021-11-03
VulnCheck KEV
2021-05-03
InTheWild.io
2021-05-03
ENISA EUVD
EUVD-2021-17580
CWE
CWE-190
Status
published
Products (5)
apple/ipados
14.0 - 14.5.1
apple/iphone_os
< 12.5.3
apple/macos
11.0 - 11.3.1
apple/safari
< 14.1.1
apple/tvos
< 14.6
Published
Sep 08, 2021
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026