CVE-2021-30952
Published Aug 24, 2021
Last updated a month ago
- Description
- An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
- Source
- product-security@apple.com
- NVD status
- Analyzed
- Products
- safari, ipados, iphone_os, macos, tvos, watchos, fedora, debian_linux, webkitgtk, wpe_webkit
CVSS 3.1
- Type
- Primary
- Base score
- 7.8
- Impact score
- 5.9
- Exploitability score
- 1.8
- Vector string
- CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
- Severity
- HIGH
CVSS 2.0
- Type
- Primary
- Base score
- 6.8
- Impact score
- 6.4
- Exploitability score
- 8.6
- Vector string
- AV:N/AC:M/Au:N/C:P/I:P/A:P
Data from CISA
- Vulnerability name
- Apple Multiple Products Integer Overflow or Wraparound Vulnerability
- Exploit added on
- Mar 5, 2026
- Exploit action due
- Mar 26, 2026
- Required action
- Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Hype score
- Not currently trending
The Coruna iOS exploit kit combines WebKit vulnerabilities with kernel exploits to achieve full device compromise. Attackers chain CVE-2023-41974 and CVE-2021-30952 for zero-click attacks via iMessage, then move laterally within devices to exfiltrate financial data and personal
@aviatrixtrc
27 Mar 2026
62 Impressions
0 Retweets
0 Likes
1 Bookmark
0 Replies
0 Quotes
🚨 BREAKING: CISA adds FIVE new vulnerabilities to its Known Exploited Vulnerabilities Catalog! 🚨 🔍 CVE-2017-7921: Hikvision Improper Authentication 🔍 CVE-2021-22681: Rockwell Insufficient Protected Credentials 🔍 CVE-2021-30952: Apple Integer Overflow 🔍 CVE-2023
@NewsNerdie
17 Mar 2026
42 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISA KEV 警告 26/03/05:Apple macOS/iOS などにおける複数の脆弱性を登録 https://t.co/F6dGaEVrJp Apple の製品群で発見された深刻な脆弱性は、主にメモリ管理と計算処理の不備に起因するものです。具体的には、CVE-2023-430
@iototsecnews
16 Mar 2026
132 Impressions
1 Retweet
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CISAがCoruna関連のiOS 脆弱性 3件をKEV追加 iOS 13〜17.2.1を狙う23件の攻撃キット対応(CVE-2023-41974,CVE-2021-30952,CVE-2023-43000) https://t.co/bR3T4UgulA #セキュリティ対策Lab #セキュリティ #Security #CybersecurityNews
@securityLab_jp
11 Mar 2026
104 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2021-30952, CVE-2023-41974, CVE-2023-43000: iOS exploits from 2021 still working in 2026. Coruna kit passed hands: US surveillance → state actors → Chinese criminals. Zero-day recycling market is real. Update your iPhones. Please.
@CisoRaging77913
9 Mar 2026
61 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨 CISA ordered U.S. federal agencies to patch three iOS security flaws targeted in cyberespionage and crypto-theft attacks using the Coruna exploit kit. <<<IMPORTANT>>> ⚡️ CVE-2021-30952, CVE-2023-41974, CVE-2023-43000 added to CISA KEV catalog ⚡️ Co
@xkzdb
6 Mar 2026
95 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
🚨Cisco Catalyst SD-WANの脆弱性、さらに2件の悪用が明らかに:CVE-2026-20128、CVE-2026-20122 ⚠️米CISA、Apple製品の古い脆弱性3件をKEVカタログに追加(CVE-2023-43000、CVE-2021-30952、CVE-2023-41974) 〜サイバーアラート3月6日
@MachinaRecord
6 Mar 2026
189 Impressions
1 Retweet
1 Like
0 Bookmarks
0 Replies
0 Quotes
米国サイバーセキュリティ・社会基盤安全保障庁(CISA)が既知の悪用された脆弱性カタログに5件の脆弱性を追加。ハイクビジョンのCVE-2017-7921、Rockwell Automation製品のCVE-2021-22681、Apple製品のCVE-2021-30952、CVE-2023-4197
@__kokumoto
5 Mar 2026
822 Impressions
0 Retweets
2 Likes
1 Bookmark
1 Reply
0 Quotes
[
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:apple:safari:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7B60AA98-68B6-4770-884B-36AE7826E729",
"versionEndExcluding": "15.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CCE4E546-A0DD-4E9E-A6B9-C19B04D77466",
"versionEndExcluding": "15.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FB904C1-43D1-4583-8729-5D1B1746A54C",
"versionEndExcluding": "15.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "CA118623-E817-42AA-AB39-6239B1284192",
"versionEndExcluding": "12.1",
"versionStartIncluding": "12.0",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "16CAE2FB-FADC-4BF4-9115-D20D365051BF",
"versionEndExcluding": "15.2",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7A7245FB-6FBE-4C09-80F5-18504CA623B3",
"versionEndExcluding": "8.3",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*",
"matchCriteriaId": "A930E247-0B43-43CB-98FF-6CE7B8189835",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
"matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*",
"matchCriteriaId": "FA6FEEC2-9F11-4643-8827-749718254FED",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0529EBF6-4F6C-47D5-AD9A-C91C0B4EBC2F",
"versionEndExcluding": "2.34.4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:wpewebkit:wpe_webkit:*:*:*:*:*:*:*:*",
"matchCriteriaId": "7FBA5321-1F37-45EF-8DB4-DAE5D1C874B9",
"versionEndExcluding": "2.34.4",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
]