CVE-2021-30761

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions Apple iOS versions prior to 12.5.4

Description A memory corruption issue was addressed with improved state management. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. The issue is related to a buffer overflow when handling HTML content, which can allow a remote attacker to execute arbitrary code using a specially crafted malicious website.

Recommendations For versions prior to 12.5.4, update to iOS 12.5.4 to resolve the issue. As a temporary workaround, consider restricting access to malicious web content to minimize the risk of exploitation. Avoid using the affected WebKit module until the issue is resolved.

Exploit

Fix

Buffer Overflow

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119CWE-787

Related Identifiers

ALSA-2020:4451

BDU:2021-06255

CESA-2020_4035

CESA-2020_4451

CVE-2021-30761

DSA-4558-1

OPENSUSE-SU-2022:0182-1

OPENSUSE-SU-2022_0182-1

OPENSUSE-SU-2022_0182-2

RHSA-2020:4035

RHSA-2020:4451

RHSA-2020_4035

RHSA-2020_4451

RHSA-2025:10364

RLSA-2020:4451

RLSA-2020_4451

SUSE-SU-2022:0142-1

SUSE-SU-2022:0182-1

SUSE-SU-2022:0182-2

SUSE-SU-2022:0183-1

Affected Products

Almalinux

Centos

Red Hat

Rocky Linux

Suse

Webkit

Ios

CVE-2021-30761

Weakness Enumeration

Related Identifiers

Affected Products

References · 270