CVE-2021-30848 – CVE-2021-30848 is a memory corruption vulnerabi... (How to Fix)

Q: What is the severity of CVE-2021-30848?

CVE-2021-30848 has a CVSS score of 7.8 (HIGH). CVE-2021-30848 is a memory corruption vulnerability in Apple's WebKit browser engine that allows remote code execution when processing malicious web content. Attackers can exploit this by tricking users into visiting specially crafted websites. This affects users of vulnerable Apple devices running iOS, iPadOS, or Safari.

📋 TL;DR

CVE-2021-30848 is a memory corruption vulnerability in Apple's WebKit browser engine that allows remote code execution when processing malicious web content. Attackers can exploit this by tricking users into visiting specially crafted websites. This affects users of vulnerable Apple devices running iOS, iPadOS, or Safari.

💻 Affected Systems

Products:

iOS
iPadOS
Safari

Versions: iOS/iPadOS versions before 14.8 and 15.0, Safari versions before 15.0

Operating Systems: iOS, iPadOS, macOS

Default Config Vulnerable: ⚠️ Yes

Notes: All devices using WebKit (iPhone, iPad, Mac) with vulnerable versions are affected by default.

📦 What is this software?

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Safari by Apple

View all CVEs affecting Safari →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete compromise of the device with full user privileges, allowing data theft, surveillance, and persistence.

🟠

Likely Case

Malware installation, credential theft, or device takeover when users visit malicious websites.

🟢

If Mitigated

No impact if devices are fully patched or if web content filtering blocks malicious sites.

🌐 Internet-Facing: HIGH - Exploitation requires only visiting a malicious website, which is common for internet-facing devices.

🏢 Internal Only: MEDIUM - Internal users could still be targeted via phishing or compromised internal websites.

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

Exploitation requires user interaction (visiting malicious website) but no authentication. Public proof-of-concept exists in disclosure references.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 14.8, iPadOS 14.8, Safari 15, iOS 15, iPadOS 15

Vendor Advisory: https://support.apple.com/en-us/HT212804

Restart Required: Yes

Instructions:

1. Go to Settings > General > Software Update. 2. Install iOS/iPadOS 14.8 or later. 3. For Safari on macOS, update through System Preferences > Software Update. 4. Restart device after installation.

🔧 Temporary Workarounds

Disable JavaScript

all

Temporarily disable JavaScript in Safari to prevent exploitation, though this breaks many websites.

Safari > Preferences > Security > uncheck 'Enable JavaScript'

Use alternative browser

all

Use browsers not based on WebKit (Chrome, Firefox) until patched.

🧯 If You Can't Patch

Implement strict web content filtering to block known malicious sites.
Use application allowlisting to prevent unauthorized code execution.

🔍 How to Verify

Check if Vulnerable:

Check iOS/iPadOS version in Settings > General > About > Version. If below 14.8 or 15.0, device is vulnerable.

Check Version:

On iOS/iPadOS: Settings > General > About > Version. On macOS: Safari > About Safari.

Verify Fix Applied:

Verify version shows 14.8 or higher, or 15.0 or higher after update.

📡 Detection & Monitoring

Log Indicators:

Unusual Safari/WebKit process crashes
Suspicious website visits in browser history

Network Indicators:

Connections to known malicious domains hosting exploit code

SIEM Query:

source="*browser*" AND (event="crash" OR event="memory_error") AND process="Safari" OR process="WebKit"

📊 Metadata

CVE ID: CVE-2021-30848

CVSS v3 Score: 7.8 (HIGH)

CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE: CWE-787

Published: October 19, 2021

Last Updated: November 21, 2024

🔗 References

http://seclists.org/fulldisclosure/2021/Oct/60 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/61 Mailing List,Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/10/26/9 Mailing List
http://www.openwall.com/lists/oss-security/2021/10/27/1 Mailing List
http://www.openwall.com/lists/oss-security/2021/10/27/2 Mailing List
http://www.openwall.com/lists/oss-security/2021/10/27/4 Mailing List
https://support.apple.com/en-us/HT212807 Vendor Advisory
https://support.apple.com/en-us/HT212814 Vendor Advisory
https://support.apple.com/en-us/HT212816 Vendor Advisory
https://support.apple.com/kb/HT212869 Vendor Advisory
http://seclists.org/fulldisclosure/2021/Oct/60 Mailing List,Third Party Advisory
http://seclists.org/fulldisclosure/2021/Oct/61 Mailing List,Third Party Advisory
http://www.openwall.com/lists/oss-security/2021/10/26/9 Mailing List
http://www.openwall.com/lists/oss-security/2021/10/27/1 Mailing List
http://www.openwall.com/lists/oss-security/2021/10/27/2 Mailing List
http://www.openwall.com/lists/oss-security/2021/10/27/4 Mailing List
https://support.apple.com/en-us/HT212807 Vendor Advisory
https://support.apple.com/en-us/HT212814 Vendor Advisory
https://support.apple.com/en-us/HT212816 Vendor Advisory
https://support.apple.com/kb/HT212869 Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-30848, you might also want to check these: