CVE-2021-30682

MEDIUM

tvOS <14.6-iPadOS <14.6-macOS <11.4-watchOS <7.5 - Info Disclosure

Title source: llm

Description

A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak sensitive user information.

Exploits (1)

nomisec WORKING POC 9 stars

by threatnix · poc

https://github.com/threatnix/csp-playground

View Code ZIP pw:eip

References (5)

Core 5

Core References

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212528

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212529

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212532

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212533

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212534

Scores

CVSS v3 5.5

EPSS 0.0037

EPSS Percentile 58.9%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

Status published

Products (6)

apple/ipados < 14.6

apple/iphone_os < 14.6

apple/macos 11.0 - 11.4

apple/safari < 14.1.1

apple/tvos < 14.6

apple/watchos < 7.5

Published Sep 08, 2021

Tracked Since Feb 18, 2026