{"containers": {"cna": {"affected": [{"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iOS", "vendor": "Apple", "versions": [{"lessThan": "14.8", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}], "problemTypes": [{"descriptions": [{"description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-27T20:06:21.000Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212804"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212807"}, {"name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/27"}, {"name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/25"}, {"name": "20210917 APPLE-SA-2021-09-13-5 Safari 14.1.2", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/29"}, {"name": "[oss-security] 20210920 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"}, {"name": "FEDORA-2021-c00e45b6c0", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/"}, {"name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/38"}, {"name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/39"}, {"name": "DSA-4975", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4975"}, {"name": "DSA-4976", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4976"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212824"}, {"name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/50"}, {"name": "FEDORA-2021-edf6957b7d", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/"}, {"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2021-30858", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "11.6"}]}}, {"product_name": "iOS", "version": {"version_data": [{"version_affected": "<", "version_value": "14.8"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT212804", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212804"}, {"name": "https://support.apple.com/en-us/HT212807", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212807"}, {"name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/27"}, {"name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/25"}, {"name": "20210917 APPLE-SA-2021-09-13-5 Safari 14.1.2", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/29"}, {"name": "[oss-security] 20210920 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"}, {"name": "FEDORA-2021-c00e45b6c0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/"}, {"name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/38"}, {"name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/39"}, {"name": "DSA-4975", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4975"}, {"name": "DSA-4976", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4976"}, {"name": "https://support.apple.com/kb/HT212824", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212824"}, {"name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/50"}, {"name": "FEDORA-2021-edf6957b7d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/"}, {"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:48:13.458Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT212804"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT212807"}, {"name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/27"}, {"name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/25"}, {"name": "20210917 APPLE-SA-2021-09-13-5 Safari 14.1.2", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/29"}, {"name": "[oss-security] 20210920 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"}, {"name": "FEDORA-2021-c00e45b6c0", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/"}, {"name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/38"}, {"name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/39"}, {"name": "DSA-4975", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4975"}, {"name": "DSA-4976", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4976"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT212824"}, {"name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/50"}, {"name": "FEDORA-2021-edf6957b7d", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/"}, {"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"}]}, {"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-416", "lang": "en", "description": "CWE-416 Use After Free"}]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-01-29T17:31:17.221055Z", "id": "CVE-2021-30858", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30858"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T17:31:20.214Z"}}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2021-30858", "datePublished": "2021-08-24T18:49:23.000Z", "dateReserved": "2021-04-13T00:00:00.000Z", "dateUpdated": "2025-01-29T17:31:20.214Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://support.apple.com/en-us/HT212804", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "https://support.apple.com/en-us/HT212807", "tags": ["x_refsource_MISC", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/27", "name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/25", "name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/29", "name": "20210917 APPLE-SA-2021-09-13-5 Safari 14.1.2", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/09/20/1", "name": "[oss-security] 20210920 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/", "name": "FEDORA-2021-c00e45b6c0", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/38", "name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/39", "name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "https://www.debian.org/security/2021/dsa-4975", "name": "DSA-4975", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "https://www.debian.org/security/2021/dsa-4976", "name": "DSA-4976", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"]}, {"url": "https://support.apple.com/kb/HT212824", "tags": ["x_refsource_CONFIRM", "x_transferred"]}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/50", "name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/", "name": "FEDORA-2021-edf6957b7d", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/10/26/9", "name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/10/27/1", "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/10/27/2", "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/10/27/4", "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"]}], "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:48:13.458Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-30858", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-29T17:31:17.221055Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?search_api_fulltext=CVE-2021-30858"}}}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T17:26:09.066Z"}}], "cna": {"affected": [{"vendor": "Apple", "product": "macOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "11.6", "versionType": "custom"}]}, {"vendor": "Apple", "product": "iOS", "versions": [{"status": "affected", "version": "unspecified", "lessThan": "14.8", "versionType": "custom"}]}], "references": [{"url": "https://support.apple.com/en-us/HT212804", "tags": ["x_refsource_MISC"]}, {"url": "https://support.apple.com/en-us/HT212807", "tags": ["x_refsource_MISC"]}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/27", "name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/25", "name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/29", "name": "20210917 APPLE-SA-2021-09-13-5 Safari 14.1.2", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/09/20/1", "name": "[oss-security] 20210920 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/", "name": "FEDORA-2021-c00e45b6c0", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/38", "name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/39", "name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "https://www.debian.org/security/2021/dsa-4975", "name": "DSA-4975", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "https://www.debian.org/security/2021/dsa-4976", "name": "DSA-4976", "tags": ["vendor-advisory", "x_refsource_DEBIAN"]}, {"url": "https://support.apple.com/kb/HT212824", "tags": ["x_refsource_CONFIRM"]}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/50", "name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5", "tags": ["mailing-list", "x_refsource_FULLDISC"]}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/", "name": "FEDORA-2021-edf6957b7d", "tags": ["vendor-advisory", "x_refsource_FEDORA"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/10/26/9", "name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/10/27/1", "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/10/27/2", "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST"]}, {"url": "http://www.openwall.com/lists/oss-security/2021/10/27/4", "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST"]}], "descriptions": [{"lang": "en", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}]}], "providerMetadata": {"orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple", "dateUpdated": "2021-10-27T20:06:21.000Z"}, "x_legacyV4Record": {"affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"version": {"version_data": [{"version_value": "11.6", "version_affected": "<"}]}, "product_name": "macOS"}, {"version": {"version_data": [{"version_value": "14.8", "version_affected": "<"}]}, "product_name": "iOS"}]}, "vendor_name": "Apple"}]}}, "data_type": "CVE", "references": {"reference_data": [{"url": "https://support.apple.com/en-us/HT212804", "name": "https://support.apple.com/en-us/HT212804", "refsource": "MISC"}, {"url": "https://support.apple.com/en-us/HT212807", "name": "https://support.apple.com/en-us/HT212807", "refsource": "MISC"}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/27", "name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/25", "name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/29", "name": "20210917 APPLE-SA-2021-09-13-5 Safari 14.1.2", "refsource": "FULLDISC"}, {"url": "http://www.openwall.com/lists/oss-security/2021/09/20/1", "name": "[oss-security] 20210920 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005", "refsource": "MLIST"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/", "name": "FEDORA-2021-c00e45b6c0", "refsource": "FEDORA"}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/38", "name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "refsource": "FULLDISC"}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/39", "name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "refsource": "FULLDISC"}, {"url": "https://www.debian.org/security/2021/dsa-4975", "name": "DSA-4975", "refsource": "DEBIAN"}, {"url": "https://www.debian.org/security/2021/dsa-4976", "name": "DSA-4976", "refsource": "DEBIAN"}, {"url": "https://support.apple.com/kb/HT212824", "name": "https://support.apple.com/kb/HT212824", "refsource": "CONFIRM"}, {"url": "http://seclists.org/fulldisclosure/2021/Sep/50", "name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5", "refsource": "FULLDISC"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/", "name": "FEDORA-2021-edf6957b7d", "refsource": "FEDORA"}, {"url": "http://www.openwall.com/lists/oss-security/2021/10/26/9", "name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2021/10/27/1", "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2021/10/27/2", "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "refsource": "MLIST"}, {"url": "http://www.openwall.com/lists/oss-security/2021/10/27/4", "name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "refsource": "MLIST"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "eng", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2021-30858", "STATE": "PUBLIC", "ASSIGNER": "product-security@apple.com"}}}}, "cveMetadata": {"cveId": "CVE-2021-30858", "state": "PUBLISHED", "dateUpdated": "2025-01-29T17:31:20.214Z", "dateReserved": "2021-04-13T00:00:00.000Z", "assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "datePublished": "2021-08-24T18:49:23.000Z", "assignerShortName": "apple"}, "dataVersion": "5.1"}

{"cisaActionDue": "2021-11-17", "cisaExploitAdd": "2021-11-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apple iOS, iPadOS, macOS Use-After-Free Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B243B4E-56A5-4950-A291-13EF0E402185", "versionEndExcluding": "14.8", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "5998D71C-A481-4F0C-AA06-B1FF0E6664A0", "versionEndExcluding": "12.5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "478E12B4-50EB-4CB2-9C50-D8F08127FB12", "versionEndExcluding": "14.8", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F52D69C-8621-4E01-ABDE-8473A590BCB6", "versionEndExcluding": "11.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}, {"lang": "es", "value": "Se ha solucionado un problema de uso despu\u00e9s de la liberaci\u00f3n con una mejor gesti\u00f3n de la memoria. Este problema se ha solucionado en iOS 14.8 y iPadOS 14.8, macOS Big Sur 11.6. El procesamiento de contenido web malicioso puede conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente."}], "id": "CVE-2021-30858", "lastModified": "2025-01-29T18:15:42.010", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2021-08-24T19:15:14.253", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/25"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/27"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/29"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/38"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/39"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/50"}, {"source": "product-security@apple.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"}, {"source": "product-security@apple.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"}, {"source": "product-security@apple.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"}, {"source": "product-security@apple.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"}, {"source": "product-security@apple.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"}, {"source": "product-security@apple.com", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/"}, {"source": "product-security@apple.com", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/en-us/HT212804"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/en-us/HT212807"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212824"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4975"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4976"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/38"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/39"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/50"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/en-us/HT212804"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/en-us/HT212807"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212824"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4975"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4976"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:0059", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "webkitgtk4-0:2.28.2-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-01-11T00:00:00Z"}, {"advisory": "RHSA-2021:4097", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.30.4-3.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-02T00:00:00Z"}, {"advisory": "RHSA-2021:4686", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "webkit2gtk3-0:2.24.4-4.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-11-16T00:00:00Z"}, {"advisory": "RHSA-2022:0075", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "webkit2gtk3-0:2.24.4-4.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-01-11T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: Use-after-free leading to arbitrary code execution", "id": "2006099", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006099"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.", "A flaw was found in webkitgtk. This flaw could allow an attacker to use maliciously crafted web content leading to arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "This flaw can be mitigated by either disabling JavaScript or by disabling IndexedDB"}, "name": "CVE-2021-30858", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "webkit2gtk3", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-09-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-30858\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-30858\nhttps://webkitgtk.org/security/WSA-2021-0005.html\nhttps://www.openwall.com/lists/oss-security/2021/09/20/1\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "This flaw is rated as having Moderate impact considering the ability of an attacker to perform arbitrary code execution is limited to cases where a web browser is involved. Red Hat expects customers to not feed untrusted input into WebKit.", "threat_severity": "Moderate", "upstream_fix": "webkitgtk 2.32.4"}