Login Sign Up

CVE-2021-30916

7.8 HIGH

📋 TL;DR

CVE-2021-30916 is a memory corruption vulnerability in Apple operating systems that allows malicious applications to execute arbitrary code with kernel privileges. This affects iOS, iPadOS, and macOS systems running vulnerable versions. Successful exploitation gives attackers complete control over the affected device.

💻 Affected Systems

Products:
  • iOS
  • iPadOS
  • macOS
Versions: iOS/iPadOS versions before 15.1 and 14.8.1, macOS versions before Monterey 12.0.1, Big Sur 11.6.1, and Security Update 2021-007 for Catalina
Operating Systems: iOS, iPadOS, macOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations are vulnerable. Requires malicious application execution.

📦 What is this software?

Ipad Os by Apple

View all CVEs affecting Ipad Os →

Ipados by Apple

View all CVEs affecting Ipados →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Iphone Os by Apple

View all CVEs affecting Iphone Os →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Mac Os X by Apple

View all CVEs affecting Mac Os X →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Macos by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

Learn more about Macos →

Tvos by Apple

View all CVEs affecting Tvos →

Watchos by Apple

View all CVEs affecting Watchos →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise with kernel-level persistence, data theft, and ability to bypass all security controls.

🟠

Likely Case

Malicious app gains full system access, installs backdoors, steals credentials and sensitive data.

🟢

If Mitigated

Limited impact if systems are patched, app sandboxing is enforced, and only trusted apps are installed.

🌐 Internet-Facing: LOW
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: MEDIUM

Exploitation requires user to install and run a malicious application. Public disclosures include technical details.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: iOS 15.1, iPadOS 15.1, macOS Monterey 12.0.1, iOS 14.8.1, iPadOS 14.8.1, Security Update 2021-007 Catalina, macOS Big Sur 11.6.1

Vendor Advisory: https://support.apple.com/en-us/HT212867

Restart Required: Yes

Instructions:

1. Open Settings > General > Software Update on iOS/iPadOS or System Preferences > Software Update on macOS. 2. Download and install the latest available update. 3. Restart the device when prompted.

🔧 Temporary Workarounds

Restrict App Installation

all

Only allow installation of apps from trusted sources like the App Store

For iOS/iPadOS: Settings > General > Device Management > Enable restrictions
For macOS: System Preferences > Security & Privacy > Allow apps downloaded from: App Store

🧯 If You Can't Patch

  • Implement strict application allowlisting policies
  • Segment vulnerable devices from critical network resources

🔍 How to Verify

Check if Vulnerable:

Check current OS version against affected versions list

Check Version:

iOS/iPadOS: Settings > General > About > Version; macOS: Apple menu > About This Mac > macOS version

Verify Fix Applied:

Verify OS version matches or exceeds patched versions listed in fix_official.patch_version

📡 Detection & Monitoring

Log Indicators:

  • Unexpected kernel extensions loading
  • Unusual process spawning with elevated privileges
  • System integrity protection (SIP) violations

Network Indicators:

  • Unusual outbound connections from system processes
  • DNS queries to suspicious domains from kernel processes

SIEM Query:

source="apple_system_logs" AND (event="kernel_extension_load" OR process="kernel_task") AND NOT signature="apple_signed"

📊 Metadata

CVE ID: CVE-2021-30916
CVSS v3 Score: 7.8 (HIGH)
CVSS Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CWE: CWE-787
Published: August 24, 2021
Last Updated: November 21, 2024

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2021-30916, you might also want to check these:

CVE-2022-43604 10.0

CVE-2022-43604 is a critical out-of-bounds write vulnerability in the OpENer EtherNet/IP stack that ...

Same vulnerability type (CWE-787)
CVE-2025-24201 10.0

This critical vulnerability allows malicious web content to break out of the Web Content sandbox via...

Same vulnerability type (CWE-787)
CVE-2020-14871 10.0

This is a critical buffer overflow vulnerability (CWE-787) in Oracle Solaris's Pluggable Authenticat...

Same vulnerability type (CWE-787)