CVE-2021-30897

MEDIUM

macOS Monterey <12.0.1 - Info Disclosure

Title source: llm
STIX 2.1

Description

An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin.

References (3)

Core 3
Core References
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT212814
Vendor Advisory x_refsource_confirm
https://support.apple.com/kb/HT212815
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212869

Scores

CVSS v3 6.5
EPSS 0.0166
EPSS Percentile 74.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Details

Status published
Products (4)
apple/ipados < 15.0
apple/iphone_os < 15.0
apple/macos < 12.0.1
apple/tvos < 15.0
Published Aug 24, 2021
Tracked Since Feb 18, 2026