CVE-2021-30860

HIGH KEV

Apple iOS/iPadOS/macOS - Integer Overflow in PDF Processing

Exploitation Summary

CVE-2021-30860 is actively exploited and listed in the CISA Known Exploited Vulnerabilities (KEV) catalog, added November 3, 2021. EIP tracks 2 public exploits from researchers including jeffssh, Levilutz.

Description

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Exploits (2)

nomisec WORKING POC 100 stars
by jeffssh · poc
https://github.com/jeffssh/CVE-2021-30860

This repository contains a functional exploit for CVE-2021-30860, a JBIG2-based vulnerability in iOS. The exploit leverages heap manipulation and bitwise operations to achieve arbitrary code execution, with detailed constants and encoded payloads for the attack.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Complex
Reliability: Reliable
Target: iOS (JBIG2 decoder, likely in WebKit or PDF rendering)
No auth needed
Prerequisites: Target device running vulnerable iOS version (likely 14.4 or earlier) · Ability to deliver malicious JBIG2-encoded content (e.g., via PDF or webpage)
devstral-2 · analyzed Feb 18, 2026

nomisec SCANNER 11 stars
by Levilutz · poc
https://github.com/Levilutz/CVE-2021-30860

This repository provides a scanner to detect evidence of past exploitation of CVE-2021-30860 (FORCEDENTRY) on macOS and iOS devices. It checks for malicious PDF/PSD files disguised as GIFs and SQL database inconsistencies left by the NSO Group's exploit.

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Moderate
Reliability: Reliable
Target: Apple macOS (11.0+), iOS (backups)
No auth needed
Prerequisites: Access to macOS/iOS device or unencrypted iPhone backup · Python 3.9+ · iPhone backup tools (for iOS scans)
devstral-2 · analyzed Feb 18, 2026

References (16)

Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212804
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212805
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212807
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212806
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/Sep/28
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/Sep/27
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/Sep/25
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/Sep/26
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/Sep/40
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/Sep/38
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/Sep/39
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT212824
Mailing List, Third Party Advisory mailing-list x_refsource_fulldisc
http://seclists.org/fulldisclosure/2021/Sep/50
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2022/09/02/11
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202209-21

Scores

CVSS v3 7.8
EPSS 0.7197
EPSS Percentile 98.8%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation active
Automatable no
Technical Impact total

Details

CISA KEV 2021-11-03
VulnCheck KEV 2021-09-07
InTheWild.io 2021-09-13
ENISA EUVD EUVD-2021-17777
CWE CWE-190
Status published
Products (8)
apple/ipados < 14.8
apple/iphone_os < 12.5.5
apple/mac_os_x 10.15.7 (7 CPE variants)
apple/mac_os_x 10.15 - 10.15.7
apple/macos < 11.6
apple/watchos < 7.6.2
freedesktop/poppler < 22.09.0
xpdfreader/xpdf < 4.04
Published Aug 24, 2021
KEV Added Nov 03, 2021
Tracked Since Feb 18, 2026