PT-2021-5769 · Apple+8 · Webkit+14

Ivan Fratric

Published

2021-07-09

Updated

2021-11-09

CVE-2021-30797

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions iOS versions prior to 14.7 Safari versions prior to 14.1.2 macOS Big Sur versions prior to 11.5 watchOS versions prior to 7.6 tvOS versions prior to 14.7

Description Processing maliciously crafted web content may lead to code execution. The issue is related to insufficient input validation in WebKit modules, which can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service using malicious web content.

Recommendations For iOS versions prior to 14.7, update to iOS 14.7 to resolve the issue. For Safari versions prior to 14.1.2, update to Safari 14.1.2 to resolve the issue. For macOS Big Sur versions prior to 11.5, update to macOS Big Sur 11.5 to resolve the issue. For watchOS versions prior to 7.6, update to watchOS 7.6 to resolve the issue. For tvOS versions prior to 14.7, update to tvOS 14.7 to resolve the issue.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2021:4381

BDU:2022-00218

CESA-2021_4381

CVE-2021-30797

DSA-4945-1

MGASA-2021-0400

OPENSUSE-SU-2021:1101-1

OPENSUSE-SU-2021:2598-1

OPENSUSE-SU-2021_1101-1

OPENSUSE-SU-2021_2598-1

RHSA-2021:4381

RHSA-2021_4381

RHSA-2025:10364

RLSA-2021:4381

SUSE-SU-2021:2598-1

SUSE-SU-2021:2600-1

SUSE-SU-2021:2762-1

USN-5024-1

Affected Products

Almalinux

Astra Linux

Centos

Linuxmint

Apple Macos

Red Hat

Rocky Linux

Safari

Suse

Ubuntu

Webkit

Ios

Macos Big Sur

Tvos

Watchos

PT-2021-5769 · Apple+8 · Webkit+14

CVE-2021-30797

Weakness Enumeration

Related Identifiers

Affected Products

References · 168