PT-2021-18948 · Apple+6 · Apple macOS+6
Published: 2021-08-24 · Updated: 2023-01-09
CVE-2021-30897
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
macOS versions prior to 12.0.1
Description
An issue existed in the specification for the resource timing API, which allowed a malicious website to exfiltrate data cross-origin. The specification was updated, and the updated specification was implemented to fix this issue.
Recommendations
For macOS versions prior to 12.0.1, update to macOS Monterey 12.0.1 to resolve the issue. As a temporary workaround, consider restricting access to the resource timing API until the update is applied.
Affected Products
ALT Linux
AlmaLinux
CentOS
Apple macOS
Red Hat
Rocky Linux
SUSE