CVE-2021-30661
Apple Multiple Products WebKit Storage Use-After-Free Vulnerability
8.8
HIGH
CVSS 3.1
⚠ KEVEPSS 0.05%
描述
A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.1, iOS 12.5.3, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
如何修補 CVE-2021-30661
要修補 CVE-2021-30661,請將受影響套件升級到下列已修補版本。
- —升級至 2.30.1-1 或更新版本
- —升級至 2.30.0-1 或更新版本
CVE-2021-30661 正在被利用嗎?
是 — CVE-2021-30661 已列入 CISA Known Exploited Vulnerabilities (KEV) 清單,代表正在被實際利用,請立即修補。
受影響套件(2)
- from 0, < 2.30.1-1
- from 0, < 2.30.0-1
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | HIGH8.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |