CVE-2021-31008
HIGHSafari < 15.1 - Remote Code Execution via Type Confusion
Title source: llmDescription
A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 15.1, tvOS 15.1, iOS 15 and iPadOS 15, macOS Monterey 12.0.1, watchOS 8.1. Processing maliciously crafted web content may lead to code execution.
References (5)
Core 5
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212814
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212869
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212874
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212876
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212875
Scores
CVSS v3
8.8
EPSS
0.0124
EPSS Percentile
65.3%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Details
CWE
CWE-843
Status
published
Products (6)
apple/ipados
< 15.0
apple/iphone_os
< 15.0
apple/macos
12.0.0
apple/safari
< 15.1
apple/tvos
< 15.1
apple/watchos
< 8.1
Published
Aug 24, 2021
Tracked Since
Feb 18, 2026