CVE-2021-30665
📋 TL;DR
This is a memory corruption vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web content. It affects multiple Apple operating systems and devices, and Apple has confirmed active exploitation in the wild.
💻 Affected Systems
- iPhone
- iPad
- Apple Watch
- Apple TV
- Mac computers
📦 What is this software?
iPadOS by Apple
macOS by Apple
macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...
tvOS by Apple
watchOS by Apple
⚠️ Risk & Real-World Impact
Worst Case
Complete system compromise via remote code execution, allowing attackers to install malware, steal data, or create persistent backdoors on affected devices.
Likely Case
Attackers deliver malicious web content via phishing or compromised websites to execute code on victim devices, potentially leading to data theft or further network compromise.
If Mitigated
With proper patching and web content filtering, risk is limited to unpatched systems accessing malicious content through unmonitored channels.
🎯 Exploit Status
Apple confirmed active exploitation. Exploitation requires user interaction (the victim must visit a malicious website) but no authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: watchOS 7.4.1, iOS 14.5.1, iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1
Vendor Advisory: https://support.apple.com/en-us/HT212335
Restart Required: Yes
Instructions:
1. Go to Settings > General > Software Update on iOS/iPadOS/watchOS/tvOS devices.
2. For macOS, go to System Preferences > Software Update.
3. Download and install the latest available update.
4. Restart device after installation completes.
🔧 Temporary Workarounds
Web Content Filtering
All platforms: Block access to untrusted websites and implement web filtering to prevent loading of malicious content.
Disable JavaScript
All platforms: Temporarily disable JavaScript in Safari/WebKit browsers to reduce attack surface (breaks many websites).
🧯 If You Can't Patch
- Implement strict web content filtering and block access to untrusted websites
- Isolate vulnerable devices from critical network segments and monitor for suspicious web traffic
🔍 How to Verify
Check if Vulnerable:
Check current OS version against affected versions list. On iOS/iPadOS: Settings > General > About > Version. On macOS: Apple menu > About This Mac.
Check Version:
iOS/iPadOS/watchOS/tvOS: No command line. macOS: sw_vers -productVersion
Verify Fix Applied:
Verify OS version matches or exceeds patched versions: watchOS 7.4.1+, iOS 14.5.1+, iPadOS 14.5.1+, tvOS 14.6+, iOS 12.5.3+, macOS Big Sur 11.3.1+.
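The version check described above, as an added example that is not part of the original advisory or any Apple tooling: a Python script that classifies a device inventory against the patched versions listed on this page. iOS has two fixed branches (12.5.3 and 14.5.1), so a single "greater than or equal" comparison would wrongly mark iOS 14.4 as patched. The inventory rows and function names are constructed, and treating later major releases as patched is an assumption.

```python
# Added example: fix versions are copied from this page; all other data is constructed.
FIXED = {
    "iOS": ["12.5.3", "14.5.1"],   # two separately patched release branches
    "iPadOS": ["14.5.1"],
    "watchOS": ["7.4.1"],
    "tvOS": ["14.6"],
    "macOS": ["11.3.1"],           # macOS Big Sur
}

def parse(version):
    """'14.6' -> (14, 6, 0): pad to three numeric parts so tuples compare correctly."""
    parts = [int(p) for p in version.strip().split(".")]
    return tuple(parts + [0] * (3 - len(parts)))

def classify(platform, version):
    """Return 'patched', 'unpatched' or 'unknown' for one device."""
    fixes = [parse(v) for v in FIXED.get(platform, [])]
    if not fixes:
        return "unknown"                  # platform not covered by this page
    try:
        have = parse(version)
    except ValueError:
        return "unknown"                  # unparseable version string from the inventory
    for fix in fixes:
        if have[0] == fix[0]:             # same major branch: compare inside it
            return "patched" if have >= fix else "unpatched"
    if have[0] > max(f[0] for f in fixes):
        return "patched"                  # assumption: later major releases include the fix
    return "unknown"                      # branch not listed on this page (e.g. iOS 13.x)

# Constructed sample inventory: (hostname, platform, version from MDM or sw_vers)
INVENTORY = [
    ("phone-01", "iOS", "14.4.2"),
    ("phone-02", "iOS", "12.5.3"),
    ("phone-03", "iOS", "13.7"),
    ("mac-01", "macOS", "11.3"),
    ("mac-02", "macOS", "10.15.7"),
    ("tv-01", "tvOS", "14.6"),
]

def report(inventory):
    """Map each hostname to its patch status."""
    return {host: classify(platform, ver) for host, platform, ver in inventory}

if __name__ == "__main__":
    for host, status in report(INVENTORY).items():
        print(f"{host:10} {status}")
```

Devices reported as "unknown" run a release branch this page does not list; check them against the vendor advisory rather than assuming either state.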
📡 Detection & Monitoring
Log Indicators:
- Safari/WebKit crashes, unexpected process terminations, suspicious web content loading
Network Indicators:
- Connections to known malicious domains, unusual outbound traffic from Apple devices
SIEM Query:
(source="*safari*" OR source="*webkit*") AND (event="crash" OR event="termination")
🔗 References
- https://support.apple.com/en-us/HT212335
- https://support.apple.com/en-us/HT212336
- https://support.apple.com/en-us/HT212339
- https://support.apple.com/en-us/HT212341
- https://support.apple.com/en-us/HT212532
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30665