CVE-2021-30758

8.8 HIGH

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code on affected Apple devices by tricking users into visiting malicious websites. It affects iOS, Safari, macOS, watchOS, and tvOS devices running outdated versions. The type confusion issue in web content processing can be exploited without user interaction beyond loading web content.

💻 Affected Systems

Products:
  • iOS
  • Safari
  • macOS
  • watchOS
  • tvOS
Versions: Before iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7
Operating Systems: iOS, macOS, watchOS, tvOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. Safari vulnerability affects both macOS and iOS versions.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...


⚠️ Risk & Real-World Impact

🔴 Worst Case

Complete compromise of device with full system access, data theft, and persistent malware installation.

🟠 Likely Case

Browser-based compromise leading to session hijacking, credential theft, and installation of surveillance tools.

🟢 If Mitigated

Limited impact with proper network segmentation, web filtering, and endpoint protection blocking malicious sites.

🌐 Internet-Facing: HIGH - Exploitable through normal web browsing without authentication.
🏢 Internal Only: MEDIUM - Requires user to visit malicious content, which could be delivered internally via phishing or compromised internal sites.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Type confusion vulnerabilities in browser engines are frequently exploited in the wild. No public exploit code is known, but similar vulnerabilities have been actively exploited.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7

Vendor Advisory: https://support.apple.com/en-us/HT212601

Restart Required: Yes

Instructions:

1. Open Settings app.
2. Go to General > Software Update.
3. Install available updates.
4. Restart device when prompted.

🔧 Temporary Workarounds

Disable JavaScript

all

Prevents exploitation by disabling JavaScript execution in Safari

Safari > Preferences > Security > Uncheck 'Enable JavaScript'

Use Alternative Browser

all

Switch to browsers not based on WebKit until patched

🧯 If You Can't Patch

  • Implement strict web content filtering to block malicious sites
  • Use application allowlisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check current OS version in Settings > General > About > Software Version

Check Version:

sw_vers (macOS) or Settings > General > About (iOS)

Verify Fix Applied:

Verify that the version number matches or exceeds the patched versions listed under Official Fix (Patch Version).
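
The version comparison described in the verify steps above, as an added example (not part of the original page or of any Apple tooling): a POSIX shell check of a product/version pair against the patched releases listed under Official Fix. The function names and the sample inventory are constructed for illustration, and every version below the threshold is treated as vulnerable, as the page states.

```shell
#!/bin/sh
# patched_version PRODUCT -> prints the first fixed release (values from this page).
patched_version() {
    case "$1" in
        iOS)     echo "14.7" ;;
        Safari)  echo "14.1.2" ;;
        macOS)   echo "11.5" ;;
        watchOS) echo "7.6" ;;
        tvOS)    echo "14.7" ;;
        *)       return 1 ;;
    esac
}

# version_ge A B -> exit 0 if dotted version A >= B. Fields are compared as
# numbers (so 14.10 > 14.7) and missing fields count as 0 (11.5 == 11.5.0).
version_ge() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*} y=${b%%.*}
        x=${x:-0} y=${y:-0}
        [ "$x" -gt "$y" ] && return 0
        [ "$x" -lt "$y" ] && return 1
        case "$a" in *.*) a=${a#*.} ;; *) a= ;; esac
        case "$b" in *.*) b=${b#*.} ;; *) b= ;; esac
    done
    return 0
}

# check_fix PRODUCT VERSION -> prints PATCHED, VULNERABLE or UNKNOWN.
# UNKNOWN covers products not listed on the page and non-numeric versions.
check_fix() {
    fixed=$(patched_version "$1") || { echo "UNKNOWN"; return 0; }
    case "$2" in ''|*[!0-9.]*) echo "UNKNOWN"; return 0 ;; esac
    if version_ge "$2" "$fixed"; then echo "PATCHED"; else echo "VULNERABLE"; fi
}

# Constructed sample inventory (host, product, version); not real data.
report() {
    while read -r host product version; do
        printf '%s %s %s %s\n' "$host" "$product" "$version" \
            "$(check_fix "$product" "$version")"
    done <<'EOF'
mac-01 macOS 11.4
mac-02 macOS 11.5.1
phone-01 iOS 14.6
mac-03 Safari 14.1.1
tv-01 tvOS 14.10
EOF
}
report
```

On a Mac, `check_fix macOS "$(sw_vers -productVersion)"` applies the same check to the local system.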

📡 Detection & Monitoring

Log Indicators:

  • Unusual Safari/WebKit process crashes
  • Suspicious JavaScript execution patterns

Network Indicators:

  • Connections to known malicious domains from Safari
  • Unusual outbound traffic patterns

SIEM Query:

source="*safari*" AND (event="crash" OR event="exception") | stats count by host
