Lucene search

K
ubuntucveUbuntu.comUB:CVE-2021-30661
HistorySep 08, 2021 - 12:00 a.m.

CVE-2021-30661

2021-09-0800:00:00
ubuntu.com
ubuntu.com
31
use after free
memory management
safari 14.1
ios 12.5.3
ipados 14.5
watchos 7.4
tvos 14.5
macos big sur 11.3
arbitrary code execution
exploited
web content
javascriptcore
limited support
ubuntu.

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.9%

A use after free issue was addressed with improved memory management. This
issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5,
watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted
web content may lead to arbitrary code execution. Apple is aware of a
report that this issue may have been actively exploitedโ€ฆ

Notes

Author Note
jdstrand webkit receives limited support. For details, see https://wiki.ubuntu.com/SecurityTeam/FAQ#webkit webkit in Ubuntu uses the JavaScriptCore (JSC) engine, not V8

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

CVSS3

8.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

EPSS

0.006

Percentile

78.9%