CVE-2021-30795

HIGH

Safari < 14.1.2 - Use-After-Free via Malicious Web Content

Title source: llm
STIX 2.1

Description

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to arbitrary code execution.

References (5)

Core 5
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212601
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212602
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212605
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212604
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212606

Scores

CVSS v3 8.8
EPSS 0.0209
EPSS Percentile 79.4%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE
CWE-416
Status published
Products (5)
apple/iphone_os < 14.7
apple/macos 11.0 - 11.5
apple/safari < 14.1.2
apple/tvos < 14.7
apple/watchos < 7.6
Published Sep 08, 2021
Tracked Since Feb 18, 2026