VIR Vulnerability Intelligence Relay

CVE-2021-30858

medium KEV
Published 2021-11-03 · Modified 2021-11-03
CVSS v3
CVSS v2
VIR risk
7.0

Description

Apple iOS, iPadOS, and macOS WebKit contain a use-after-free vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

CISA KEV

Vendor
Apple
Product
iOS, iPadOS, and macOS
Due date
2021-11-17

Predictions

Exploit likelihood
99%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: cisa-kev — https://nvd.nist.gov/vuln/detail/CVE-2021-30858

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2021-30858

vendor Authored 2026-05-27

Vendor advisory: rocky — https://errata.rockylinux.org/RLSA-2021:4097

vendor Authored 2026-05-27

Vendor advisory: suse — https://www.suse.com/security/cve/CVE-2021-30858.html

Exploits

OS impact
OSVersionStatusFixed in
arch archfixed2.32.4-1
suse slesaffected
rockylinux rocky8fixed
debian debianbookwormfixed2.32.4-1
debian debianbullseyefixed2.32.4-1~deb11u1
debian debianforkyfixed2.32.4-1
debian debiansidfixed2.32.4-1
debian debiantrixiefixed2.32.4-1

References

Verify integrity in audit chain (admin only). AS-IS.