CVE-2021-30883

HIGH KEV

Apple <15.0.2-14.8.1 - Memory Corruption

Title source: llm

Description

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..

Exploits (1)

vulncheck_xdb WORKING POC

local

https://github.com/saaramar/IOMFB_integer_overflow_poc

View Code ZIP pw:eip

References (7)

[Vendor Advisory] https://support.apple.com/en-us/HT212846

[Vendor Advisory] https://support.apple.com/en-us/HT212868

[Vendor Advisory] https://support.apple.com/en-us/HT212869

[Vendor Advisory] https://support.apple.com/en-us/HT212872

[Vendor Advisory] https://support.apple.com/en-us/HT212874

[Vendor Advisory] https://support.apple.com/en-us/HT212876

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30883

Scores

CVSS v3 7.8

EPSS 0.0036

EPSS Percentile 58.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Details

CISA KEV 2022-05-23

VulnCheck KEV 2021-10-11

InTheWild.io 2021-10-11

ENISA EUVD EUVD-2021-17800

CWE

CWE-787

Status published

Products (6)

apple/ipados < 14.8.1

apple/iphone_os < 14.8.1

apple/macos 12.0

apple/macos 11.0 - 11.6.1

apple/tvos < 15.1

apple/watchos < 8.1

Published Aug 24, 2021

KEV Added May 23, 2022

Tracked Since Feb 18, 2026