PT-2021-5281 · Apple+7 · Ipados+12

Published

2021-09-20

Updated

2022-07-01

CVE-2021-30809

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Safari versions prior to 15 tvOS versions prior to 15 watchOS versions prior to 8 iOS versions prior to 15 iPadOS versions prior to 15

Description A use after free issue was addressed with improved memory management. Processing maliciously crafted web content may lead to arbitrary code execution. The issue is related to the WPE WebKit browser module and is associated with the use of memory after it has been freed. Exploitation of the issue may allow a remote attacker to execute arbitrary code.

Recommendations For Safari versions prior to 15, update to Safari 15 or later. For tvOS versions prior to 15, update to tvOS 15 or later. For watchOS versions prior to 8, update to watchOS 8 or later. For iOS versions prior to 15, update to iOS 15 or later. For iPadOS versions prior to 15, update to iPadOS 15 or later.

Exploit

Fix

Use After Free

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-416

Related Identifiers

ALSA-2022:1777

ALT-PU-2021-3571

ALT-PU-2022-2162

BDU:2021-06107

CESA-2022_1777

CVE-2021-30809

DSA-4975-1

DSA-4976-1

OPENSUSE-SU-2022:0182-1

OPENSUSE-SU-2022_0182-1

OPENSUSE-SU-2022_0182-2

RHSA-2022:1777

RHSA-2022_1777

RHSA-2025:10364

RLSA-2022:1777

SUSE-SU-2022:0142-1

SUSE-SU-2022:0182-1

SUSE-SU-2022:0182-2

SUSE-SU-2022:0183-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Apple Macos

Red Hat

Rocky Linux

Safari

Suse

Ios

Ipados

Tvos

Watchos

PT-2021-5281 · Apple+7 · Ipados+12

CVE-2021-30809

Weakness Enumeration

Related Identifiers

Affected Products

References · 182