CVE-2021-30807

Description

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Related CPE's

o apple ipad_os ********

o apple iphone_os ********

o apple macos ********

o apple watchos ********

References

https://support.apple.com/en-us/HT212713

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212622

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212623

Release NotesVendor Advisory

CvssV3 impact

BaseSeverity	HIGH
ConfidentialityImpact	HIGH
AttackComplexity	LOW
Scope	UNCHANGED
AttackVector	LOCAL
AvailabilityImpact	HIGH
IntegrityImpact	HIGH
PrivilegesRequired	NONE
BaseScore	7.8
VectorString	CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Version	3.1
UserInteraction	REQUIRED

CvssV2 impact

AccessComplexity	MEDIUM
ConfidentialityImpact	COMPLETE
AvailabilityImpact	COMPLETE
IntegrityImpact	COMPLETE
BaseScore	9.3
VectorString	AV:N/AC:M/Au:N/C:C/I:C/A:C
Version	2.0
AccessVector	NETWORK
Authentication	NONE

Created by Yello

About Severity.io