CVE-2021-30846 – This is a memory corruption vulnerability in Ap... (How to Fix)

Q: What is the severity of CVE-2021-30846?

CVE-2021-30846 has a CVSS score of 7.8 (HIGH). This is a memory corruption vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web content. It affects iOS, iPadOS, Safari, tvOS, and watchOS users who visit compromised websites. Attackers can exploit this to take full control of affected devices.

📋 TL;DR

This is a memory corruption vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web content. It affects iOS, iPadOS, Safari, tvOS, and watchOS users who visit compromised websites. Attackers can exploit this to take full control of affected devices.

💻 Affected Systems

Products:

iOS
iPadOS
Safari
tvOS
watchOS

Versions: Versions prior to iOS 14.8, iPadOS 14.8, Safari 15, tvOS 15, iOS 15, iPadOS 15, watchOS 8

Operating Systems: iOS, iPadOS, tvOS, watchOS

Default Config Vulnerable: ⚠️ Yes

Notes: All devices using WebKit browser engine are affected. Safari on macOS may also be vulnerable if not updated.

📦 What is this software?

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Safari by Apple

View all CVEs affecting Safari →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete device compromise leading to data theft, surveillance, ransomware deployment, or use as part of a botnet.

🟠

Likely Case

Drive-by attacks where users visit malicious websites leading to malware installation or credential theft.

🟢

If Mitigated

No impact if devices are fully patched and users avoid suspicious websites.

🌐 Internet-Facing: HIGH - Exploitable via web browsing without user interaction beyond visiting a malicious site.

🏢 Internal Only: MEDIUM - Could be exploited via internal phishing campaigns or compromised internal websites.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Multiple public disclosures suggest exploit code is available. Drive-by exploitation requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 14.8, iPadOS 14.8, Safari 15, tvOS 15, iOS 15, iPadOS 15, watchOS 8

Vendor Advisory: https://support.apple.com/en-us/HT212807

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update. 2. Download and install the latest iOS/iPadOS update. 3. For Safari on macOS, update through System Preferences > Software Update. 4. For Apple TV, go to Settings > System > Software Updates. 5. For Apple Watch, update through the Watch app on iPhone.

🔧 Temporary Workarounds

Disable JavaScript

all

Temporarily disable JavaScript in Safari to prevent exploitation (breaks most websites)

Safari: Settings > Advanced > Enable JavaScript (toggle off)

Use Alternative Browser

all

Use browsers not based on WebKit engine (Chrome, Firefox) until patched

🧯 If You Can't Patch

Restrict web browsing to trusted sites only using content filtering
Implement network segmentation to isolate vulnerable devices from critical systems

🔍 How to Verify

Check if Vulnerable:

Check device version: iOS/iPadOS: Settings > General > About > Version. Safari: Safari menu > About Safari. If version is below patched versions, device is vulnerable.

Check Version:

iOS/iPadOS: Settings > General > About > Version. macOS: Safari > About Safari. tvOS: Settings > General > About. watchOS: Watch app on iPhone > General > About

Verify Fix Applied:

Verify device shows patched version after update: iOS 14.8+, iPadOS 14.8+, Safari 15+, tvOS 15+, iOS 15+, iPadOS 15+, watchOS 8+

📡 Detection & Monitoring

Log Indicators:

Unusual Safari/WebKit process crashes
Suspicious JavaScript execution patterns
Unexpected network connections from browser processes

Network Indicators:

Traffic to known malicious domains hosting exploit code
Unusual outbound connections from Apple devices after web browsing

SIEM Query:

source="*safari*" OR process="WebKit" AND (event="crash" OR event="memory_violation")

📊 Metadata

CVE ID: CVE-2021-30846

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: October 19, 2021

Last Updated: November 21, 2024

🔗 References

http://seclists.org/fulldisclosure/2021/Oct/60 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/61 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/62 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/63 Mailing List,Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/10/26/9 Mailing List
http://www.openwall.com/lists/oss-security/2021/10/27/1 Mailing List
http://www.openwall.com/lists/oss-security/2021/10/27/2 Mailing List
http://www.openwall.com/lists/oss-security/2021/10/27/4 Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/
https://support.apple.com/en-us/HT212807 Vendor Advisory
https://support.apple.com/en-us/HT212814 Vendor Advisory
https://support.apple.com/en-us/HT212815 Vendor Advisory
https://support.apple.com/en-us/HT212816 Vendor Advisory
https://support.apple.com/en-us/HT212819 Vendor Advisory
https://support.apple.com/kb/HT212869 Vendor Advisory
https://www.debian.org/security/2021/dsa-4995 Third Party Advisory
https://www.debian.org/security/2021/dsa-4996 Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/60 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/61 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/62 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/63 Mailing List,Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/10/26/9 Mailing List
http://www.openwall.com/lists/oss-security/2021/10/27/1 Mailing List
http://www.openwall.com/lists/oss-security/2021/10/27/2 Mailing List
http://www.openwall.com/lists/oss-security/2021/10/27/4 Mailing List
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/
https://support.apple.com/en-us/HT212807 Vendor Advisory
https://support.apple.com/en-us/HT212814 Vendor Advisory
https://support.apple.com/en-us/HT212815 Vendor Advisory
https://support.apple.com/en-us/HT212816 Vendor Advisory
https://support.apple.com/en-us/HT212819 Vendor Advisory
https://support.apple.com/kb/HT212869 Vendor Advisory
https://www.debian.org/security/2021/dsa-4995 Third Party Advisory
https://www.debian.org/security/2021/dsa-4996 Third Party Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-30846, you might also want to check these: