CVE-2021-30698

7.5 HIGH

📋 TL;DR

This CVE describes a null pointer dereference vulnerability in Apple's macOS, iOS, iPadOS, and Safari that could allow a remote attacker to cause a denial of service. The vulnerability affects users running older versions of these Apple operating systems and browsers. Successful exploitation could crash affected applications or systems.

💻 Affected Systems

Products:
  • macOS
  • Safari
  • iOS
  • iPadOS
Versions: Versions prior to macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6, iPadOS 14.6
Operating Systems: macOS, iOS, iPadOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable. The vulnerability is in the core operating system/browser components.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete system crash or application termination leading to denial of service, potentially requiring system reboot.

🟠 Likely Case

Application crash (Safari browser crash) when processing malicious content, causing temporary disruption.

🟢 If Mitigated

No impact if systems are patched to the fixed versions.

🌐 Internet-Facing: HIGH - Remote attackers can trigger this vulnerability through web content without user interaction.
🏢 Internal Only: LOW - Requires user to visit malicious content, but internal users could be targeted through phishing or compromised internal sites.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Remote exploitation possible without authentication. The vulnerability is in input validation, making exploitation relatively straightforward.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Big Sur 11.4, Safari 14.1.1, iOS 14.6, iPadOS 14.6

Vendor Advisory: https://support.apple.com/en-us/HT212528

Restart Required: Yes

Instructions:

1. Open System Preferences > Software Update on macOS or Settings > General > Software Update on iOS/iPadOS.
2. Install available updates.
3. Restart the device when prompted.

For Safari-only updates, use App Store updates on macOS.

🔧 Temporary Workarounds

Disable JavaScript

macOS

Temporarily disable JavaScript in Safari to prevent exploitation through web content

Safari > Preferences > Security > uncheck 'Enable JavaScript'

🧯 If You Can't Patch

  • Restrict access to untrusted websites and web content
  • Use alternative browsers temporarily until patching is possible

🔍 How to Verify

Check if Vulnerable:

Check current OS/browser version against affected versions. On macOS: About This Mac > Overview. On iOS/iPadOS: Settings > General > About > Version. In Safari: Safari > About Safari.

Check Version:

  • macOS: sw_vers -productVersion
  • iOS/iPadOS: Settings app
  • Safari: defaults read /Applications/Safari.app/Contents/Info.plist CFBundleShortVersionString

Verify Fix Applied:

Verify version is equal to or greater than: macOS 11.4, Safari 14.1.1, iOS 14.6, iPadOS 14.6
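The check above as a script, added here as an example and not taken from Apple or this advisory's source: it compares a reported version against the fixed versions listed on this page using a plain numeric, component-by-component comparison. The function names (fixed_version, ver_lt, check) and product keys are assumptions made for the example.

```shell
#!/bin/sh
# Fixed versions as listed on this page (product keys are illustrative).
fixed_version() {
    case "$1" in
        macos)      echo "11.4" ;;
        safari)     echo "14.1.1" ;;
        ios|ipados) echo "14.6" ;;
        *)          return 1 ;;
    esac
}

# ver_lt A B: succeed if dotted version A is numerically lower than B.
# Missing components count as 0, so 11.4.0 == 11.4 and 14.10 > 14.6.
ver_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "${x:-0}" -lt "${y:-0}" ] && return 0
        [ "${x:-0}" -gt "${y:-0}" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 1
}

# check PRODUCT VERSION: exit 0 = at or above fix, 1 = vulnerable, 2 = bad input.
check() {
    fixed=$(fixed_version "$1") || { echo "unknown product: $1"; return 2; }
    case "$2" in ''|*[!0-9.]*) echo "unparseable version: $2"; return 2 ;; esac
    if ver_lt "$2" "$fixed"; then
        echo "$1 $2: VULNERABLE (fixed in $fixed)"; return 1
    fi
    echo "$1 $2: fixed"
}

# On a Mac, check the local OS and Safari with the commands from "Check Version".
if command -v sw_vers >/dev/null 2>&1; then
    check macos "$(sw_vers -productVersion)" || true
    check safari "$(defaults read /Applications/Safari.app/Contents/Info.plist CFBundleShortVersionString)" || true
fi
```

For iOS/iPadOS, pass the version read from the Settings app or from device inventory, for example: check ios 14.5.1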

📡 Detection & Monitoring

Log Indicators:

  • Application crash logs for Safari or system processes
  • Kernel panic logs indicating null pointer dereference

Network Indicators:

  • Multiple rapid requests to malicious domains followed by application crashes

SIEM Query:

source="*crash*" AND (process="Safari" OR process="WebKit") AND (message="*null*" OR message="*dereference*")
