PT-2021-5228 · Apple+7 · Watchos+13

Amar Menezes

·

Published

2021-09-20

·

Updated

2022-07-01

·

CVE-2021-30818

CVSS v2.0

9.3

High

VectorAV:N/AC:M/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions iOS versions prior to 14.8 iPadOS versions prior to 14.8 tvOS versions prior to 15 watchOS versions prior to 8 Safari versions prior to 15
Description A type confusion issue was addressed with improved state handling. Processing maliciously crafted web content may lead to arbitrary code execution. This issue is related to errors in data type mixing in the WPE WebKit browser module for Safari in iOS, iPadOS, tvOS, watchOS, and macOS operating systems. Exploitation of this issue may allow a remote attacker to execute arbitrary code.
Recommendations For iOS versions prior to 14.8, update to iOS 14.8 or later. For iPadOS versions prior to 14.8, update to iPadOS 14.8 or later. For tvOS versions prior to 15, update to tvOS 15 or later. For watchOS versions prior to 8, update to watchOS 8 or later. For Safari versions prior to 15, update to Safari 15 or later.

Exploit

Fix

Type Confusion

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-843

Related Identifiers

ALSA-2022:1777
ALT-PU-2021-3571
ALT-PU-2022-2162
BDU:2021-06030
CESA-2022_1777
CVE-2021-30818
DSA-4995-1
DSA-4996-1
OPENSUSE-SU-2022:0182-1
OPENSUSE-SU-2022_0182-1
OPENSUSE-SU-2022_0182-2
RHSA-2022:1777
RHSA-2022_1777
RHSA-2025:10364
RLSA-2022:1777
SUSE-SU-2022:0142-1
SUSE-SU-2022:0182-1
SUSE-SU-2022:0182-2
SUSE-SU-2022:0183-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Apple Macos
Red Hat
Rocky Linux
Safari
Suse
Webkit
Ios
Ipados
Tvos
Watchos