Login Sign Up

CVE-2021-30797

8.8 HIGH
Remote Code Execution

📋 TL;DR

This vulnerability allows malicious web content to execute arbitrary code on affected Apple devices. It affects users of iOS, Safari, macOS, watchOS, and tvOS before specific patched versions. Attackers could exploit this by tricking users into visiting malicious websites.

💻 Affected Systems

Products:
  • iOS
  • Safari
  • macOS
  • watchOS
  • tvOS
Versions: Versions before iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7
Operating Systems: iOS, macOS, watchOS, tvOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable when processing web content.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Safari by Apple

View all CVEs affecting Safari →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full system compromise with attacker gaining complete control over the device, potentially leading to data theft, ransomware deployment, or persistent backdoor installation.

🟠

Likely Case

Limited code execution in browser context leading to session hijacking, credential theft, or installation of malware through drive-by download attacks.

🟢

If Mitigated

No impact if devices are fully patched and users avoid suspicious websites; sandboxing may limit damage even if exploited.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (visiting malicious website) but no authentication. Complexity is medium due to Apple's security mitigations.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 14.7, Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7

Vendor Advisory: https://support.apple.com/en-us/HT212601

Restart Required: Yes

Instructions:

1. Open Settings app. 2. Go to General > Software Update. 3. Install available updates. 4. Restart device when prompted.

🔧 Temporary Workarounds

Disable JavaScript

all

Prevents execution of malicious JavaScript that could trigger the vulnerability.

Use alternative browser

all

Switch to browsers not based on WebKit/Safari engine until patched.

🧯 If You Can't Patch

  • Implement web filtering to block known malicious domains
  • Use application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check current OS version in Settings > General > About on iOS/watchOS/tvOS or About This Mac on macOS.

Check Version:

sw_vers (macOS), uname -a (general Unix), or check Settings > General > About (iOS/watchOS/tvOS)

Verify Fix Applied:

Verify OS version matches or exceeds patched versions: iOS 14.7+, Safari 14.1.2+, macOS 11.5+, watchOS 7.6+, tvOS 14.7+.

📡 Detection & Monitoring

Log Indicators:

  • Unusual process spawning from browser processes
  • Crash reports from WebKit/Safari processes

Network Indicators:

  • Connections to suspicious domains from browser processes
  • Unexpected outbound traffic patterns

SIEM Query:

source="*browser*" AND (event="process_creation" OR event="crash") AND process_name IN ("Safari", "WebKit")

📊 Metadata

CVE ID: CVE-2021-30797
CVSS v3 Score: 8.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Published: September 8, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON