CVE-2021-30797

HIGH

Apple OSes and Safari - Code Execution via Malicious Web Content

Title source: manual
STIX 2.1

Description

This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.

References (5)

Core 5
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212601
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212602
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212605
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212604
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212606

Scores

CVSS v3 8.8
EPSS 0.0185
EPSS Percentile 76.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

Status published
Products (6)
apple/ipados < 14.7
apple/iphone_os < 14.7
apple/macos < 11.5
apple/safari < 14.1.2
apple/tvos < 14.7
apple/watchos < 7.6
Published Sep 08, 2021
Tracked Since Feb 18, 2026