CVE-2021-30802 – This is a use-after-free vulnerability in iOS a... (How to Fix)

Q: What is the severity of CVE-2021-30802?

CVE-2021-30802 has a CVSS score of 8.8 (HIGH). This is a use-after-free vulnerability in iOS and tvOS WebKit that allows arbitrary code execution when processing malicious web content. Attackers can exploit this by tricking users into visiting specially crafted websites, potentially taking full control of affected devices. All users running vulnerable versions of iOS or tvOS are affected.

📋 TL;DR

This is a use-after-free vulnerability in iOS and tvOS WebKit that allows arbitrary code execution when processing malicious web content. Attackers can exploit this by tricking users into visiting specially crafted websites, potentially taking full control of affected devices. All users running vulnerable versions of iOS or tvOS are affected.

💻 Affected Systems

Products:

iOS
tvOS

Versions: Versions prior to iOS 14.7 and tvOS 14.7

Operating Systems: iOS, tvOS

Default Config Vulnerable: ⚠️ Yes

Notes: All devices running affected versions with WebKit enabled (default) are vulnerable. Safari and other apps using WebKit are affected.

📦 What is this software?

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Tvos by Apple

View all CVEs affecting Tvos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise allowing attackers to install malware, steal sensitive data, and maintain persistent access to the device.

🟠

Likely Case

Attackers deliver malware through malicious websites, potentially stealing credentials, personal data, or enabling further network attacks.

🟢

If Mitigated

With proper patching, the vulnerability is eliminated; with web filtering and user education, exploitation attempts are blocked before reaching devices.

🌐 Internet-Facing: HIGH - Exploitation requires only visiting a malicious website, making internet-facing devices highly vulnerable to drive-by attacks.

🏢 Internal Only: MEDIUM - Internal users could still be targeted via phishing emails or compromised internal websites, but attack surface is reduced.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Exploitation requires user interaction (visiting malicious website) but no authentication. Use-after-free vulnerabilities in WebKit are commonly exploited in the wild.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 14.7, tvOS 14.7

Vendor Advisory: https://support.apple.com/en-us/HT212601

Restart Required: Yes

Instructions:

1. Open Settings app. 2. Go to General > Software Update. 3. Install iOS 14.7 or tvOS 14.7 update. 4. Restart device after installation completes.

🔧 Temporary Workarounds

Disable JavaScript

all

Temporarily disable JavaScript in Safari to prevent exploitation through web content

Settings > Safari > Advanced > JavaScript > Toggle Off

Use Content Filtering

all

Deploy web content filtering to block known malicious websites

🧯 If You Can't Patch

Implement strict web filtering to block access to untrusted websites
Educate users about phishing risks and safe browsing practices

🔍 How to Verify

Check if Vulnerable:

Check iOS/tvOS version in Settings > General > About > Version. If version is below 14.7, device is vulnerable.

Check Version:

Settings > General > About > Version (iOS/tvOS)

Verify Fix Applied:

Verify version shows 14.7 or higher in Settings > General > About > Version.

📡 Detection & Monitoring

Log Indicators:

Unusual Safari/WebKit crashes
Suspicious website access patterns
Process memory anomalies

Network Indicators:

Connections to known malicious domains
Unusual outbound traffic from iOS/tvOS devices

SIEM Query:

source="ios_logs" AND (event="webkit_crash" OR event="safari_crash") AND version<"14.7"

📊 Metadata

CVE ID: CVE-2021-30802

CVSS v3 Score: 8.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-416

Published: September 8, 2021

Last Updated: November 21, 2024

🔗 References

https://support.apple.com/en-us/HT212601 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT212604 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT212601 Release Notes,Vendor Advisory
https://support.apple.com/en-us/HT212604 Release Notes,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-30802, you might also want to check these: