VDB
CVE-2021-30972
CVE-2021-30972
PUBLISHED
CVSS 9.800000190734863 CRITICAL
A memory corruption issue was addressed with improved input validation. This issue is fixed in iOS 15.3 and iPadOS 15.3, macOS Big Sur 11.6.3, macOS Monterey 12.2. A malicious application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited..
EPSS 0.05% · 17.5th percentile
Risk Scores
CVSS 3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.05%
17.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Apple | iOS and iPadOS | unspecified |
| Apple | macOS | unspecified, unspecified |
Timeline
- Aug 24, 2021 CVE Published
- Jan 27, 2022 PoC Published
- Mar 24, 2022 EPSS Score
- Mar 25, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- May 14, 2022 EPSS Score
- Jul 4, 2022 EPSS Score
- Oct 15, 2022 EPSS Score
- Dec 5, 2022 EPSS Score
- Jan 25, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Mar 17, 2023 EPSS Score
References
- https://support.apple.com/en-us/HT213059 advisory
- https://support.apple.com/en-us/HT213056 advisory
- https://support.apple.com/en-us/HT213057 advisory
- https://support.apple.com/en-us/HT213058 advisory
- https://support.apple.com/en-us/HT213054 advisory
- https://support.apple.com/en-us/HT213053 advisory
- https://support.apple.com/en-us/HT213055 advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2022-22587 url