Threat Intelligence / CVE / CVE-2021-30952

CVE-2021-30952

CISA KEV

CVSS 7.8 (HIGH) · EPSS 1.2% · Published 2021-08-24

An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS v3 vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Weaknesses (CWE)

CWE-190

Threats tracking this CVE

Coruna iOS Exploit Kit — 23 Exploits Across 5 Chains Targeting iOS 13-17.2.1 (CVE-2021-30952, CVE-2023-41974, CVE-2023-43000 + 20 More) — CRITICAL

References

http://www.openwall.com/lists/oss-security/2022/01/21/2
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/
https://support.apple.com/en-us/HT212975
https://support.apple.com/en-us/HT212976
https://support.apple.com/en-us/HT212978
https://support.apple.com/en-us/HT212980
https://support.apple.com/en-us/HT212982
https://www.debian.org/security/2022/dsa-5060
https://www.debian.org/security/2022/dsa-5061

Full detection coverage & IOCs for threats exploiting CVE-2021-30952 are available via the Threadlinqs MCP server (Purple tier). View plans →

Markdown version · Threadlinqs Intelligence