CVE-2021-30807

HIGH KEV

macOS Big Sur <11.5.1 - Memory Corruption

Title source: llm

Description

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Exploits (3)

nomisec WORKING POC 131 stars

by jsherman212 · local

https://github.com/jsherman212/iomfb-exploit

View Code ZIP pw:eip

nomisec WORKING POC 5 stars

by 30440r · local

https://github.com/30440r/gex

View Code ZIP pw:eip

vulncheck_xdb WORKING POC

local

https://github.com/saaramar/IOMobileFrameBuffer_LPE_POC

View Code ZIP pw:eip

References (4)

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT212622

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT212623

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT212713

[Third Party Advisory, US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30807

Scores

CVSS v3 7.8

EPSS 0.2445

EPSS Percentile 96.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-07-26

InTheWild.io 2021-07-26

ENISA EUVD EUVD-2021-17724

CWE

CWE-787

Status published

Products (4)

apple/ipados < 14.7.1

apple/iphone_os < 14.7.1

apple/macos < 11.5.1

apple/watchos < 7.6.1

Published Oct 19, 2021

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026