CVE-2021-30666
HIGH KEViOS 12.5.3 - Code Execution via Malicious Web Content
Title source: manualExploitation Summary
CVE-2021-30666 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021.
Description
A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 12.5.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
References (2)
Core 2
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212341
Third Party Advisory, US Government Resource
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30666
Scores
CVSS v3
8.8
EPSS
0.0118
EPSS Percentile
79.2%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA SSVC
Vulnrichment
Exploitation
active
Automatable
no
Technical Impact
total
Details
CISA KEV
2021-11-03
VulnCheck KEV
2021-05-03
InTheWild.io
2021-05-03
ENISA EUVD
EUVD-2021-17583
CWE
CWE-119
Status
published
Products (1)
apple/iphone_os
< 12.5.3
Published
Sep 08, 2021
KEV Added
Nov 03, 2021
Tracked Since
Feb 18, 2026