{"containers": {"cna": {"affected": [{"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iOS", "vendor": "Apple", "versions": [{"lessThan": "14.8", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}], "problemTypes": [{"descriptions": [{"description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-27T20:06:21.000Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212804"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212807"}, {"name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/27"}, {"name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/25"}, {"name": "20210917 APPLE-SA-2021-09-13-5 Safari 14.1.2", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/29"}, {"name": "[oss-security] 20210920 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"}, {"name": "FEDORA-2021-c00e45b6c0", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/"}, {"name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/38"}, {"name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/39"}, {"name": "DSA-4975", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4975"}, {"name": "DSA-4976", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4976"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212824"}, {"name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/50"}, {"name": "FEDORA-2021-edf6957b7d", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/"}, {"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2021-30858", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "11.6"}]}}, {"product_name": "iOS", "version": {"version_data": [{"version_affected": "<", "version_value": "14.8"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT212804", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212804"}, {"name": "https://support.apple.com/en-us/HT212807", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212807"}, {"name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/27"}, {"name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/25"}, {"name": "20210917 APPLE-SA-2021-09-13-5 Safari 14.1.2", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/29"}, {"name": "[oss-security] 20210920 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"}, {"name": "FEDORA-2021-c00e45b6c0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/"}, {"name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/38"}, {"name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/39"}, {"name": "DSA-4975", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4975"}, {"name": "DSA-4976", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4976"}, {"name": "https://support.apple.com/kb/HT212824", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212824"}, {"name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/50"}, {"name": "FEDORA-2021-edf6957b7d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/"}, {"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:48:13.458Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT212804"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT212807"}, {"name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/27"}, {"name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/25"}, {"name": "20210917 APPLE-SA-2021-09-13-5 Safari 14.1.2", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/29"}, {"name": "[oss-security] 20210920 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"}, {"name": "FEDORA-2021-c00e45b6c0", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/"}, {"name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/38"}, {"name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/39"}, {"name": "DSA-4975", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4975"}, {"name": "DSA-4976", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4976"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT212824"}, {"name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/50"}, {"name": "FEDORA-2021-edf6957b7d", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/"}, {"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"}]}, {"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-30858", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-29T17:31:17.221055Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30858"}}}], "references": [{"url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30858", "tags": ["government-resource"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "timeline": [{"time": "2021-11-03T00:00:00+00:00", "lang": "en", "value": "CVE-2021-30858 added to CISA KEV"}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-21T23:25:37.307Z"}}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2021-30858", "datePublished": "2021-08-24T18:49:23.000Z", "dateReserved": "2021-04-13T00:00:00.000Z", "dateUpdated": "2025-10-21T23:25:37.307Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"containers": {"cna": {"affected": [{"product": "macOS", "vendor": "Apple", "versions": [{"lessThan": "11.6", "status": "affected", "version": "unspecified", "versionType": "custom"}]}, {"product": "iOS", "vendor": "Apple", "versions": [{"lessThan": "14.8", "status": "affected", "version": "unspecified", "versionType": "custom"}]}], "descriptions": [{"lang": "en", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}], "problemTypes": [{"descriptions": [{"description": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2021-10-27T20:06:21.000Z", "orgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "shortName": "apple"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212804"}, {"tags": ["x_refsource_MISC"], "url": "https://support.apple.com/en-us/HT212807"}, {"name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/27"}, {"name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/25"}, {"name": "20210917 APPLE-SA-2021-09-13-5 Safari 14.1.2", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/29"}, {"name": "[oss-security] 20210920 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"}, {"name": "FEDORA-2021-c00e45b6c0", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/"}, {"name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/38"}, {"name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/39"}, {"name": "DSA-4975", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4975"}, {"name": "DSA-4976", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "https://www.debian.org/security/2021/dsa-4976"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://support.apple.com/kb/HT212824"}, {"name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5", "tags": ["mailing-list", "x_refsource_FULLDISC"], "url": "http://seclists.org/fulldisclosure/2021/Sep/50"}, {"name": "FEDORA-2021-edf6957b7d", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/"}, {"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "product-security@apple.com", "ID": "CVE-2021-30858", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "macOS", "version": {"version_data": [{"version_affected": "<", "version_value": "11.6"}]}}, {"product_name": "iOS", "version": {"version_data": [{"version_affected": "<", "version_value": "14.8"}]}}]}, "vendor_name": "Apple"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}]}]}, "references": {"reference_data": [{"name": "https://support.apple.com/en-us/HT212804", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212804"}, {"name": "https://support.apple.com/en-us/HT212807", "refsource": "MISC", "url": "https://support.apple.com/en-us/HT212807"}, {"name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/27"}, {"name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/25"}, {"name": "20210917 APPLE-SA-2021-09-13-5 Safari 14.1.2", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/29"}, {"name": "[oss-security] 20210920 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"}, {"name": "FEDORA-2021-c00e45b6c0", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/"}, {"name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/38"}, {"name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/39"}, {"name": "DSA-4975", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4975"}, {"name": "DSA-4976", "refsource": "DEBIAN", "url": "https://www.debian.org/security/2021/dsa-4976"}, {"name": "https://support.apple.com/kb/HT212824", "refsource": "CONFIRM", "url": "https://support.apple.com/kb/HT212824"}, {"name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5", "refsource": "FULLDISC", "url": "http://seclists.org/fulldisclosure/2021/Sep/50"}, {"name": "FEDORA-2021-edf6957b7d", "refsource": "FEDORA", "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/"}, {"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T22:48:13.458Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT212804"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://support.apple.com/en-us/HT212807"}, {"name": "20210917 APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/27"}, {"name": "20210917 APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/25"}, {"name": "20210917 APPLE-SA-2021-09-13-5 Safari 14.1.2", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/29"}, {"name": "[oss-security] 20210920 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0005", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"}, {"name": "FEDORA-2021-c00e45b6c0", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/"}, {"name": "20210921 APPLE-SA-2021-09-20-6 Additional information for APPLE-SA-2021-09-13-1 iOS 14.8 and iPadOS 14.8", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/38"}, {"name": "20210921 APPLE-SA-2021-09-20-7 Additional information for APPLE-SA-2021-09-13-3 macOS Big Sur 11.6", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/39"}, {"name": "DSA-4975", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4975"}, {"name": "DSA-4976", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "https://www.debian.org/security/2021/dsa-4976"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://support.apple.com/kb/HT212824"}, {"name": "20210924 APPLE-SA-2021-09-23-1 iOS 12.5.5", "tags": ["mailing-list", "x_refsource_FULLDISC", "x_transferred"], "url": "http://seclists.org/fulldisclosure/2021/Sep/50"}, {"name": "FEDORA-2021-edf6957b7d", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/"}, {"name": "[oss-security] 20211026 WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"}, {"name": "[oss-security] 20211027 Re: WebKitGTK and WPE WebKit Security Advisory WSA-2021-0006", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"}]}, {"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 8.8, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2021-30858", "role": "CISA Coordinator", "options": [{"Exploitation": "active"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-01-29T17:31:17.221055Z"}}}, {"other": {"type": "kev", "content": {"dateAdded": "2021-11-03", "reference": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30858"}}}], "timeline": [{"time": "2021-11-03T00:00:00+00:00", "lang": "en", "value": "CVE-2021-30858 added to CISA KEV"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-416", "description": "CWE-416 Use After Free"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-01-29T17:26:09.066Z"}}]}, "cveMetadata": {"assignerOrgId": "286789f9-fbc2-4510-9f9a-43facdede74c", "assignerShortName": "apple", "cveId": "CVE-2021-30858", "datePublished": "2021-08-24T18:49:23.000Z", "dateReserved": "2021-04-13T00:00:00.000Z", "dateUpdated": "2025-07-30T01:38:03.726Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"cisaActionDue": "2021-11-17", "cisaExploitAdd": "2021-11-03", "cisaRequiredAction": "Apply updates per vendor instructions.", "cisaVulnerabilityName": "Apple iOS, iPadOS, macOS Use-After-Free Vulnerability", "configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "matchCriteriaId": "6B243B4E-56A5-4950-A291-13EF0E402185", "versionEndExcluding": "14.8", "versionStartIncluding": "13.1", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "5998D71C-A481-4F0C-AA06-B1FF0E6664A0", "versionEndExcluding": "12.5.5", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "matchCriteriaId": "478E12B4-50EB-4CB2-9C50-D8F08127FB12", "versionEndExcluding": "14.8", "versionStartIncluding": "13.0", "vulnerable": true}, {"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*", "matchCriteriaId": "5F52D69C-8621-4E01-ABDE-8473A590BCB6", "versionEndExcluding": "11.6", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*", "matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*", "matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*", "matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*", "matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited."}, {"lang": "es", "value": "Se ha solucionado un problema de uso despu\u00e9s de la liberaci\u00f3n con una mejor gesti\u00f3n de la memoria. Este problema se ha solucionado en iOS 14.8 y iPadOS 14.8, macOS Big Sur 11.6. El procesamiento de contenido web malicioso puede conducir a la ejecuci\u00f3n de c\u00f3digo arbitrario. Apple tiene conocimiento de un informe que indica que este problema puede haber sido explotado activamente."}], "id": "CVE-2021-30858", "lastModified": "2025-10-27T17:38:33.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 6.8, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2021-08-24T19:15:14.253", "references": [{"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/25"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/27"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/29"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/38"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/39"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/50"}, {"source": "product-security@apple.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"}, {"source": "product-security@apple.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"}, {"source": "product-security@apple.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"}, {"source": "product-security@apple.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"}, {"source": "product-security@apple.com", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"}, {"source": "product-security@apple.com", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/"}, {"source": "product-security@apple.com", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/en-us/HT212804"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/en-us/HT212807"}, {"source": "product-security@apple.com", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212824"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4975"}, {"source": "product-security@apple.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4976"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/25"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/29"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/38"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/39"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://seclists.org/fulldisclosure/2021/Sep/50"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/09/20/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/10/26/9"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List"], "url": "http://www.openwall.com/lists/oss-security/2021/10/27/4"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BO6DMTHZR57JDBOXPSNR2MKDMCRWV265/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XYNV7ASK4LQVAUMJXNXBS3Z7RVDQ2N3W/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/en-us/HT212804"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/en-us/HT212807"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://support.apple.com/kb/HT212824"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4975"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Mailing List", "Third Party Advisory"], "url": "https://www.debian.org/security/2021/dsa-4976"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["US Government Resource"], "url": "https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30858"}], "sourceIdentifier": "product-security@apple.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-416"}], "source": "nvd@nist.gov", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-416"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2022:0059", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "webkitgtk4-0:2.28.2-3.el7", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2022-01-11T00:00:00Z"}, {"advisory": "RHSA-2021:4097", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "webkit2gtk3-0:2.30.4-3.el8_4", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2021-11-02T00:00:00Z"}, {"advisory": "RHSA-2021:4686", "cpe": "cpe:/a:redhat:rhel_eus:8.1", "package": "webkit2gtk3-0:2.24.4-4.el8_1", "product_name": "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date": "2021-11-16T00:00:00Z"}, {"advisory": "RHSA-2022:0075", "cpe": "cpe:/a:redhat:rhel_eus:8.2", "package": "webkit2gtk3-0:2.24.4-4.el8_2", "product_name": "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date": "2022-01-11T00:00:00Z"}], "bugzilla": {"description": "webkitgtk: Use-after-free leading to arbitrary code execution", "id": "2006099", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2006099"}, "csaw": false, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-416", "details": ["A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.", "A flaw was found in webkitgtk. This flaw could allow an attacker to use maliciously crafted web content leading to arbitrary code execution."], "mitigation": {"lang": "en:us", "value": "This flaw can be mitigated by either disabling JavaScript or by disabling IndexedDB"}, "name": "CVE-2021-30858", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Affected", "package_name": "webkitgtk", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Will not fix", "package_name": "webkitgtk3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "webkit2gtk3", "product_name": "Red Hat Enterprise Linux 9"}], "public_date": "2021-09-20T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2021-30858\nhttps://nvd.nist.gov/vuln/detail/CVE-2021-30858\nhttps://webkitgtk.org/security/WSA-2021-0005.html\nhttps://www.openwall.com/lists/oss-security/2021/09/20/1\nhttps://www.cisa.gov/known-exploited-vulnerabilities-catalog"], "statement": "This flaw is rated as having Moderate impact considering the ability of an attacker to perform arbitrary code execution is limited to cases where a web browser is involved. Red Hat expects customers to not feed untrusted input into WebKit.", "threat_severity": "Moderate"}

{}