Cyber Resilience

CVE-2021-30983

HighCISA KEVActive ExploitationEUVD Exploited

Published: 24 August 2021

Published
24 August 2021
Modified
23 October 2025
KEV Added
27 June 2022
Patch
CVSS Score v3.1 7.8 CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS Score 0.0050 66.4th percentile
Risk Priority 36 60% EPSS · 20% KEV · 20% CVSS

Summary

CVE-2021-30983 is a high-severity Classic Buffer Overflow (CWE-120) vulnerability in Apple Ipados. Its CVSS base score is 7.8 (High).

Operationally, ranked in the top 33.6% of CVEs by exploit likelihood; CISA has added it to the Known Exploited Vulnerabilities catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-16 (Memory Protection) and SI-2 (Flaw Remediation).

Deeper analysis

A buffer overflow vulnerability, tracked as CVE-2021-30983 and assigned CWE-120, was present in iOS and iPadOS prior to versions 15.2. The flaw stems from insufficient memory handling and received a CVSS v3.1 score of 7.8. Successful exploitation enables an application to execute arbitrary code with kernel privileges.

The attack requires local access with no privileges but does involve user interaction, allowing a malicious application to achieve full kernel-level code execution on the device.

Apple addressed the issue through improved memory handling in the iOS 15.2 and iPadOS 15.2 releases, as detailed in HT212976. The vulnerability also appears in CISA's catalog of known exploited vulnerabilities, confirming real-world exploitation activity.

EU & UK References

Vulnerability details

A buffer overflow issue was addressed with improved memory handling. This issue is fixed in iOS 15.2 and iPadOS 15.2. An application may be able to execute arbitrary code with kernel privileges.

CWE(s)
KEV Date Added
27 June 2022

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

apple
ipados
≤ 15.2
apple
iphone os
≤ 15.2

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly enforces memory protections that mitigate buffer overflows (CWE-120) and prevent arbitrary kernel code execution from malicious apps.

prevent

Requires timely application of patches that remediate the specific memory-handling flaw fixed in iOS/iPadOS 15.2.

preventdetect

Verifies software/firmware integrity to detect or block exploitation attempts that rely on unauthorized code execution at kernel level.

References