CVE-2021-30761

HIGH KEV

iPhone OS < 12.5.4 - Remote Code Execution via Maliciously Crafted Web Content

Title source: llm

Exploitation Summary

CVE-2021-30761 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021.

Description

A memory corruption issue was addressed with improved state management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

References (2)

Core 2

Core References

Release Notes, Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212548

Third Party Advisory, US Government Resource

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30761

Scores

CVSS v3 8.8

EPSS 0.0051

EPSS Percentile 66.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation active

Automatable no

Technical Impact total

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-06-14

InTheWild.io 2021-06-14

ENISA EUVD EUVD-2021-17678

CWE

CWE-787

Status published

Products (1)

apple/iphone_os < 12.5.4

Published Sep 08, 2021

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026