CVE-2021-30663: Apple Multiple Products Integer Overflow Vulnerability
First published: Mon May 03 2021(Updated: )
An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.
Credit: an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher product-security@apple.com an anonymous researcher an anonymous researcher product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Big Sur | <11.3.1 | 11.3.1 |
| Apple iOS | <14.5.1 | 14.5.1 |
| Apple iPadOS | <14.5.1 | 14.5.1 |
| Apple iOS | <12.5.3 | 12.5.3 |
| Apple Safari | <14.1 | 14.1 |
| Apple tvOS | <14.6 | 14.6 |
| Apple Safari | <14.1.1 | 14.1.1 |
| Apple macOS | >=11.0<11.3.1 | |
| Apple Safari | <14.1.1 | |
| Apple iPadOS | >=14.0<14.5.1 | |
| Apple iPhone OS | <12.5.3 | |
| Apple iPhone OS | >=14.0<14.5.1 | |
| Apple tvOS | <14.6 | |
| debian/webkit2gtk | 2.36.4-1~deb10u1 2.38.6-0+deb10u1 2.40.5-1~deb11u1 2.42.1-1~deb11u2 2.40.5-1~deb12u1 2.42.1-1~deb12u1 2.42.1-2 | |
| debian/wpewebkit | 2.38.6-1~deb11u1 2.38.6-1 2.42.1-1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT212335 (Advisory)
- https://support.apple.com/en-us/HT212336 (Advisory)
- https://support.apple.com/en-us/HT212340 (Advisory)
- https://support.apple.com/en-us/HT212341 (Advisory)
- https://support.apple.com/en-us/HT212532 (Advisory)
- https://support.apple.com/en-us/HT212534 (Advisory)
- https://webkitgtk.org/security/WSA-2021-0004.html
- https://security-tracker.debian.org/tracker/CVE-2021-30663
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-30665
- CVE-2021-30663
- CVE-2021-30749
- CVE-2021-30734
- CVE-2021-30744
- CVE-2021-30720
- CVE-2021-30682
- CVE-2021-21779
- CVE-2021-30689
- CVE-2021-23841
- CVE-2021-30698
- CVE-2021-30707
- CVE-2021-30685
- CVE-2021-30686
- CVE-2021-30753
- CVE-2021-30733
- CVE-2021-30727
- CVE-2021-30724
- CVE-2021-30771
- CVE-2021-30755
- CVE-2021-30697
- CVE-2021-30710
- CVE-2021-30687
- CVE-2021-30700
- CVE-2021-30701
- CVE-2021-30705
- CVE-2021-30706
- CVE-2021-30740
- CVE-2021-30704
- CVE-2021-30715
- CVE-2021-30736
- CVE-2021-30703
- CVE-2021-30677
- CVE-2021-30737
- CVE-2021-30666
- CVE-2021-30661
Frequently Asked Questions
What is the vulnerability ID for this Apple product vulnerability?
The vulnerability ID for this Apple product vulnerability is CVE-2021-30663.
Which Apple products are affected by this vulnerability?
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit are affected by this vulnerability.
What is the severity of CVE-2021-30663?
The severity of CVE-2021-30663 is not specified in the provided information.
How can the CVE-2021-30663 vulnerability be exploited?
The CVE-2021-30663 vulnerability can be exploited by processing maliciously crafted web content.
How can I fix the CVE-2021-30663 vulnerability?
To fix the CVE-2021-30663 vulnerability, update to the recommended version provided by Apple.
- collector/apple-support
- collector/security-tracker-debian
- agent/last-modified-date
- agent/first-publish-date
- agent/software-canonical-lookup-request
- agent/type
- agent/weakness
- agent/softwarecombine
- collector/nvd-index
- agent/severity
- agent/author
- agent/references
- agent/title
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/tags
- agent/event
- agent/description
- collector/nvd-api
- source/NVD
- vendor/apple
- canonical/apple safari
- package-manager/debian
- canonical/apple macos big sur
- canonical/apple tvos
- canonical/apple macos
- version/apple macos/11.0
- canonical/apple ipados
- version/apple ipados/14.0
- canonical/apple iphone os
- version/apple iphone os/14.0
- canonical/apple ios
- canonical/apple multiple products