CVE-2021-30661
Summary
| CVE | CVE-2021-30661 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2021-09-08 15:15:00 UTC |
| Updated | 2021-09-20 12:26:00 UTC |
| Description | A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.. |
Risk And Classification
EPSS: 0.001460000 probability, percentile 0.348760000 (date 2026-04-01)
CISA KEV: Listed on 2021-11-03; due 2021-11-17; ransomware use Unknown
Problem Types: CWE-416
CISA Known Exploited Vulnerability
| Vendor | Apple |
|---|---|
| Product | Multiple Products |
| Name | Apple Multiple Products WebKit Storage Use-After-Free Vulnerability |
| Required Action | Apply updates per vendor instructions. |
| Notes | https://nvd.nist.gov/vuln/detail/CVE-2021-30661 |
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Apple | Ipados | All | All | All | All |
| Operating System | Apple | Iphone Os | All | All | All | All |
| Operating System | Apple | Macos | All | All | All | All |
| Application | Apple | Safari | All | All | All | All |
| Operating System | Apple | Tvos | All | All | All | All |
| Operating System | Apple | Watchos | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| About the security content of macOS Big Sur 11.3 - Apple Support | MISC | support.apple.com | |
| About the security content of watchOS 7.4 - Apple Support | MISC | support.apple.com | |
| About the security content of tvOS 14.5 - Apple Support | MISC | support.apple.com | |
| About the security content of iOS 12.5.3 - Apple Support | MISC | support.apple.com | |
| About the security content of iOS 14.5 and iPadOS 14.5 - Apple Support | MISC | support.apple.com | |
| About the security content of Safari 14.1 - Apple Support | MISC | support.apple.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
| CISA Known Exploited Vulnerabilities catalog | CISA | www.cisa.gov | kev |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 180472 Debian Security Update for wpewebkitwebkit2gtk (CVE-2021-30661)
- 296065 Oracle Solaris 11.4 Support Repository Update (SRU) 39.107.1 Missing (CPUOCT2021)
- 355438 Amazon Linux Security Advisory for webkitgtk4 : ALAS2-2023-2088
- 375503 Apple MacOS Big Sur 11.3 Not Installed (HT212325)
- 501938 Alpine Linux Security Update for webkit2gtk
- 505515 Alpine Linux Security Update for webkit2gtk
- 610334 Apple iOS 14.5 and iPadOS 14.5 Security Update Missing (HT212317)
- 610336 Apple iOS 12.5.3 Security Update Missing (HT212341)
- 710570 Gentoo Linux WebkitGTK+ Multiple Vulnerabilities (GLSA 202202-01)
- 751623 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0142-1)
- 751646 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0183-1)
- 751648 SUSE Enterprise Linux Security Update for webkit2gtk3 (SUSE-SU-2022:0182-1)
- 751659 OpenSUSE Security Update for webkit2gtk3 (openSUSE-SU-2022:0182-1)
- 751755 OpenSUSE Security Update for webkit2gtk3 (openSUSE-SU-2022:0182-2)
- 960096 Rocky Linux Security Update for GNOME (RLSA-2021:1586)