Cyber Resilience

CVE-2021-30807

High · CISA KEV · Active Exploitation · EUVD Exploited

Published: 19 October 2021

Modified: 23 October 2025
KEV Added: 03 November 2021
Patch
CVSS Score v3.1: 7.8 (CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
EPSS Score: 0.2103 (95.8th percentile)
Risk Priority: 48 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2021-30807 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple iPadOS. Its CVSS base score is 7.8 (High).

Operationally, it ranks in the top 4.2% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

A memory corruption vulnerability, tracked as CVE-2021-30807 and assigned CWE-787, affects multiple Apple platforms due to insufficient memory handling. The flaw impacts macOS Big Sur prior to version 11.5.1, iOS and iPadOS prior to 14.7.1, and watchOS prior to 7.6.1, with a CVSS v3.1 base score of 7.8 reflecting local attack vector, low complexity, and no required privileges.

An unauthenticated local attacker can exploit the issue by convincing a user to run a malicious application, resulting in arbitrary code execution with kernel-level privileges on the affected device. The attack requires user interaction but does not need elevated permissions beforehand.

Apple security advisories for the listed platform updates state that the issue has been resolved through improved memory handling in the patched releases. The references point to official support documents detailing the affected versions and corresponding fixes.

Apple has indicated awareness of reports that this vulnerability may have been actively exploited in the wild prior to patching.

EU & UK References

Vulnerability details

A memory corruption issue was addressed with improved memory handling. This issue is fixed in macOS Big Sur 11.5.1, iOS 14.7.1 and iPadOS 14.7.1, watchOS 7.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

CWE(s)
KEV Date Added: 03 November 2021

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

Vendor   Product     Version
apple    ipados      ≤ 14.7.1
apple    iphone os   ≤ 14.7.1
apple    macos       ≤ 11.5.1
apple    watchos     ≤ 7.6.1

Mitigating Controls (NIST 800-53 r5) AI

prevent: Directly implements memory protections (e.g., ASLR, guard pages) that mitigate the exact memory corruption flaw (CWE-787) exploited for kernel code execution.

prevent: Requires timely installation of the vendor patches that Apple released to correct the insufficient memory handling in this CVE.

prevent: Blocks or detects execution of the malicious application needed to trigger the local memory-corruption exploit.

References