CVE-2021-30883
Published: 24 August 2021
Summary
CVE-2021-30883 is a high-severity Out-of-bounds Write (CWE-787) vulnerability in Apple iPadOS. Its CVSS base score is 7.8 (High).
Operationally, it ranks in the top 37.3% of CVEs by exploit likelihood, and CISA has added it to the Known Exploited Vulnerabilities catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).
Deeper analysis
A memory corruption vulnerability, tracked as CVE-2021-30883 and assigned CWE-787, was present in multiple Apple operating systems. The flaw stems from improper memory handling that could be triggered by an application, and it affects iOS and iPadOS prior to 15.0.2 and 14.8.1, macOS Monterey prior to 12.0.1, macOS Big Sur prior to 11.6.1, tvOS prior to 15.1, and watchOS prior to 8.1. The issue received a CVSS v3.1 score of 7.8.
An attacker who can supply a malicious application or document may exploit the flaw to achieve arbitrary code execution with kernel privileges. The attack vector is local and requires user interaction but no prior authentication, allowing a crafted file or app opened by the victim to compromise the system at the highest privilege level.
Apple has released security updates that address the vulnerability through improved memory handling. The fixes are documented in the vendor advisories available at the referenced support pages for each affected platform, and users are advised to install the updates for iOS 15.0.2, iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1, iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, and macOS Big Sur 11.6.1.
Apple has stated that it is aware of reports indicating the vulnerability may have been actively exploited in the wild prior to patching.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2021-17800
Vulnerability details
A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 15.0.2 and iPadOS 15.0.2, macOS Monterey 12.0.1, iOS 14.8.1 and iPadOS 14.8.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.
- CWE(s)
- KEV Date Added: 23 May 2022
Related Threats
No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5)
Directly requires memory protection mechanisms that would have blocked the out-of-bounds write and resulting kernel-level code execution.
Mandates timely application of the vendor patches that corrected the memory-handling flaw in all listed Apple platforms.
Requires integrity verification of software/firmware that can detect unauthorized modifications resulting from successful exploitation of the memory corruption.