CVE-2021-30858
Published: 24 August 2021
Summary
CVE-2021-30858 is a high-severity Use After Free (CWE-416) vulnerability in Apple iPhone OS. Its CVSS base score is 8.8 (High).
Operationally, it ranks in the top 25.6% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
A use-after-free vulnerability, tracked as CVE-2021-30858 and assigned CWE-416, stems from insufficient memory management when processing web content. The flaw affects WebKit in iOS versions prior to 14.8, iPadOS versions prior to 14.8, and macOS Big Sur versions prior to 11.6.
An unauthenticated remote attacker can trigger the issue by causing a victim to process maliciously crafted web content, resulting in arbitrary code execution. The CVSS 3.1 score of 8.8 reflects a network attack vector with low complexity, required user interaction, and high impact across confidentiality, integrity, and availability.
Apple released fixes in iOS 14.8, iPadOS 14.8, and macOS Big Sur 11.6. The vendor states it is aware of reports that the vulnerability has been actively exploited in the wild.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-17775
Vulnerability details
A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
- CWE(s)
- KEV Date Added: 03 November 2021
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires memory protection mechanisms that address use-after-free flaws (CWE-416) during WebKit content processing.
Mandates timely application of vendor patches that remediate the WebKit use-after-free vulnerability before exploitation.
Enforces malicious-code detection and blocking on web content that could otherwise trigger the memory-corruption exploit.