CVE-2021-30846

HIGH

Safari < 15.0 - Remote Code Execution via Malicious Web Content

Title source: llm

Description

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.

References (18)

Core 18

Core References

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212807

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212814

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212819

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212815

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212816

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2021/10/26/9

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2021/10/27/1

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2021/10/27/2

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2021/Oct/60

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2021/Oct/62

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2021/Oct/63

Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc

http://seclists.org/fulldisclosure/2021/Oct/61

Mailing List mailing-list x_refsource_mlist

http://www.openwall.com/lists/oss-security/2021/10/27/4

Vendor Advisory x_refsource_confirm

https://support.apple.com/kb/HT212869

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2021/dsa-4995

Third Party Advisory vendor-advisory x_refsource_debian

https://www.debian.org/security/2021/dsa-4996

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/

Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/

Scores

CVSS v3 7.8

EPSS 0.0042

EPSS Percentile 62.0%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CWE

CWE-787

Status published

Products (10)

apple/ipados < 14.8

apple/iphone_os < 14.8

apple/macos < 12.0.1

apple/safari < 15.0

apple/tvos < 15.0

apple/watchos < 8.0

debian/debian_linux 10.0

debian/debian_linux 11.0

fedoraproject/fedora 33

fedoraproject/fedora 34

Published Oct 19, 2021

Tracked Since Feb 18, 2026