PT-2021-7329 · Apple+7 · Watchos+11

Chijin Zhou

Published

2021-04-13

Updated

2023-01-09

CVE-2021-30889

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions macOS Monterey versions prior to 12.0.1 iOS versions prior to 15.1 iPadOS versions prior to 15.1 watchOS versions prior to 8.1 tvOS versions prior to 15.1

Description The issue is related to a buffer overflow problem due to inadequate input validation in the WPE WebKit web page rendering module. This can allow a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. The problem is associated with the processing of maliciously crafted web content, which may lead to arbitrary code execution.

Recommendations For macOS Monterey versions prior to 12.0.1, update to version 12.0.1 or later. For iOS versions prior to 15.1, update to version 15.1 or later. For iPadOS versions prior to 15.1, update to version 15.1 or later. For watchOS versions prior to 8.1, update to version 8.1 or later. For tvOS versions prior to 15.1, update to version 15.1 or later.

Exploit

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-120

Related Identifiers

ALSA-2022:1777

ALT-PU-2021-3571

ALT-PU-2022-2162

BDU:2022-05694

CESA-2022_1777

CVE-2021-30889

DSA-4995-1

DSA-4996-1

OPENSUSE-SU-2022:0182-1

OPENSUSE-SU-2022_0182-1

OPENSUSE-SU-2022_0182-2

RHSA-2022:1777

RHSA-2022_1777

RHSA-2025:10364

RLSA-2022:1777

SUSE-SU-2022:0142-1

SUSE-SU-2022:0182-1

SUSE-SU-2022:0182-2

SUSE-SU-2022:0183-1

Affected Products

Alt Linux

Almalinux

Astra Linux

Centos

Apple Macos

Red Hat

Rocky Linux

Suse

Ios

Ipados

Tvos

Watchos

PT-2021-7329 · Apple+7 · Watchos+11

CVE-2021-30889

Weakness Enumeration

Related Identifiers

Affected Products

References · 186