CVE-2021-30953

8.8 HIGH

📋 TL;DR

This vulnerability allows attackers to execute arbitrary code on affected Apple devices by tricking users into visiting malicious web pages. It affects Safari browsers and Apple operating systems before specific patched versions. Users who haven't updated their Apple devices are vulnerable to this remote code execution attack.

💻 Affected Systems

Products:
  • Safari
  • tvOS
  • macOS Monterey
  • iOS
  • iPadOS
  • watchOS
Versions: before tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, iPadOS 15.2, watchOS 8.3
Operating Systems: tvOS, macOS, iOS, iPadOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected versions are vulnerable when processing web content through Safari or WebKit components.


⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete system compromise leading to data theft, ransomware deployment, or persistent backdoor installation on affected devices.

🟠

Likely Case

Malicious actors create fake websites that exploit this vulnerability to install malware, steal credentials, or hijack user sessions.

🟢

If Mitigated

With proper patching, the vulnerability is eliminated; with network filtering, the risk is reduced but not eliminated for unpatched systems.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Exploitation requires user interaction (visiting malicious website) but no authentication. The out-of-bounds read can lead to memory corruption enabling code execution.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, iPadOS 15.2, watchOS 8.3

Vendor Advisory: https://support.apple.com/en-us/HT212975

Restart Required: Yes

Instructions:

1. Open System Preferences (macOS) or Settings (iOS/iPadOS/tvOS/watchOS).
2. Navigate to Software Update.
3. Install the latest available update.
4. Restart the device when prompted.

🔧 Temporary Workarounds

Web Content Filtering

all

Block access to untrusted websites using network filtering or browser extensions to prevent exposure to malicious content.

Disable JavaScript

all

Temporarily disable JavaScript in Safari settings to mitigate the vulnerability (breaks most websites).

🧯 If You Can't Patch

  • Implement strict web filtering to block access to untrusted websites
  • Use alternative browsers that are not based on WebKit until patching is possible

🔍 How to Verify

Check if Vulnerable:

Check the operating system version: On macOS, go to Apple menu > About This Mac; on iOS/iPadOS, go to Settings > General > About; compare against patched versions.

Check Version:

macOS: sw_vers -productVersion; iOS/iPadOS: Settings > General > About > Version

Verify Fix Applied:

Verify the installed version matches or exceeds: tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, iPadOS 15.2, watchOS 8.3
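The version comparison described above can be scripted for an inventory export. This is an added example, not part of the original advisory: the function names and the sample inventory are hypothetical, and the patched versions are the ones listed on this page. A macOS release older than 12 is reported as `check-safari` because the page lists only macOS Monterey, so the installed Safari version decides there.

```shell
#!/bin/sh
# Added example: classify (product, version) pairs against the patched
# releases this page lists for CVE-2021-30953. Names are hypothetical.

# min_patched PRODUCT -> first fixed version (values taken from this page)
min_patched() {
    case "$1" in
        tvOS|iOS|iPadOS|Safari) echo 15.2 ;;
        macOS)                  echo 12.1 ;;
        watchOS)                echo 8.3 ;;
        *) return 1 ;;
    esac
}

# ver_ge A B -> success when dotted version A >= B, compared field by
# field as numbers (so 15.10 > 15.2); missing fields count as 0.
ver_ge() {
    a=$1; b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        if [ "$a" = "$x" ]; then a=; else a=${a#*.}; fi
        if [ "$b" = "$y" ]; then b=; else b=${b#*.}; fi
        x=${x:-0}; y=${y:-0}
        if [ "$x" -gt "$y" ]; then return 0; fi
        if [ "$x" -lt "$y" ]; then return 1; fi
    done
    return 0
}

# check_status PRODUCT VERSION -> patched | vulnerable | check-safari | unknown
check_status() {
    min=$(min_patched "$1") || { echo unknown; return 0; }
    case "$2" in ''|*[!0-9.]*) echo unknown; return 0 ;; esac
    if [ "$1" = macOS ] && ! ver_ge "$2" 12; then
        echo check-safari   # pre-Monterey: the Safari version decides
    elif ver_ge "$2" "$min"; then
        echo patched
    else
        echo vulnerable
    fi
}

# Constructed sample inventory: host, product, reported version.
while read -r host product version; do
    printf '%s\t%s %s\t%s\n' "$host" "$product" "$version" \
        "$(check_status "$product" "$version")"
done <<'EOF'
mac-01 macOS 12.0.1
mac-02 macOS 11.6.1
phone-07 iOS 15.2
EOF
```

On a Mac, the version argument can come from `sw_vers -productVersion`, as given under Check Version.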

📡 Detection & Monitoring

Log Indicators:

  • Unusual Safari/WebKit process crashes
  • Memory access violation logs in system logs
  • Unexpected network connections from Safari processes

Network Indicators:

  • Outbound connections to suspicious domains following web browsing
  • Unusual HTTP traffic patterns from Apple devices

SIEM Query:

source="apple_system_logs" AND (process="Safari" OR process="WebKit") AND (event="crash" OR event="memory_violation")
