What is CVE-2021-30744?

CVE-2021-30744 is a cross-origin issue with iframe elements in WebKit that has been addressed with improved tracking of security origins.

Which Apple products are affected by CVE-2021-30744?

CVE-2021-30744 affects Apple tvOS 14.6, Apple Safari 14.1.1, Apple watchOS 7.5, Apple macOS Big Sur 11.4, Apple iOS 14.6, and Apple iPadOS 14.6.

How can I fix CVE-2021-30744?

To fix CVE-2021-30744, update your Apple devices to the respective recommended versions: tvOS 14.6, Safari 14.1.1, watchOS 7.5, macOS Big Sur 11.4, iOS 14.6, and iPadOS 14.6.

Where can I find more information about CVE-2021-30744?

You can find more information about CVE-2021-30744 on the official Apple support page: [link](https://support.apple.com/en-us/HT212533).

Vulnerability/
CVE-2021-30744

medium

6.1

CWE

24/5/2021

8/9/2021

3/8/2024

CVE-2021-30744: XSS

First published: Mon May 24 2021(Updated: )

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.

Credit: Dan Hite jsontopDan Hite jsontopDan Hite jsontopDan Hite jsontopDan Hite jsontop product-security@apple.com

Affected Software	Affected Version	How to fix
debian/webkit2gtk		2.36.4-1~deb10u1 2.38.6-0+deb10u1 2.40.5-1~deb11u1 2.42.1-1~deb11u2 2.40.5-1~deb12u1 2.42.1-1~deb12u1 2.42.1-2
debian/wpewebkit		2.38.6-1~deb11u1 2.38.6-1 2.42.1-1
Apple Safari	<14.1.1
Apple iPadOS	<14.6
Apple iPhone OS	<14.6
Apple macOS	>=11.0.1<11.4
Apple tvOS	<14.6
Apple watchOS	<7.5
Apple watchOS	<7.5	7.5
Apple macOS Big Sur	<11.4	11.4
Apple iOS	<14.6	14.6
Apple iPadOS	<14.6	14.6
Apple tvOS	<14.6	14.6
Apple Safari	<14.1.1	14.1.1

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT212528 (Advisory)
https://support.apple.com/en-us/HT212529 (Advisory)
https://support.apple.com/en-us/HT212532 (Advisory)
https://support.apple.com/en-us/HT212533 (Advisory)
https://support.apple.com/en-us/HT212534 (Advisory)
https://webkitgtk.org/security/WSA-2021-0004.html
https://security-tracker.debian.org/tracker/CVE-2021-30744

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2021-30749
CVE-2021-30734
CVE-2021-30744
CVE-2021-30720
CVE-2021-30682
CVE-2021-21779
CVE-2021-30689
CVE-2021-30663
CVE-2021-23841
CVE-2021-30698
CVE-2021-30678
CVE-2021-30676
CVE-2021-30688
CVE-2021-30669
CVE-2021-30707
CVE-2021-30685
CVE-2021-30672
CVE-2021-30681
CVE-2021-30686
CVE-2021-30733
CVE-2021-30753
CVE-2021-30727
CVE-2021-30724
CVE-2021-30673
CVE-2021-30771
CVE-2021-30755
CVE-2021-30684
CVE-2021-30735
CVE-2021-30697
CVE-2021-30710
CVE-2021-30683
CVE-2021-30687
CVE-2021-30700
CVE-2021-30701
CVE-2021-30705
CVE-2021-30706
CVE-2021-30719
CVE-2021-30728
CVE-2021-30726
CVE-2021-30731
CVE-2021-30740
CVE-2021-30704
CVE-2021-30715
CVE-2021-30736
CVE-2021-30739
CVE-2021-30703
CVE-2021-30680
CVE-2021-30677
CVE-2021-30702
CVE-2021-30696
CVE-2021-30756
CVE-2021-30723
CVE-2021-30691
CVE-2021-30692
CVE-2021-30694
CVE-2021-30725
CVE-2021-30746
CVE-2021-30693
CVE-2021-30695
CVE-2021-30708
CVE-2021-30709
CVE-2021-30679
CVE-2020-36226
CVE-2020-36227
CVE-2020-36223
CVE-2020-36224
CVE-2020-36225
CVE-2020-36221
CVE-2020-36228
CVE-2020-36222
CVE-2020-36230
CVE-2020-36229
CVE-2021-30738
CVE-2021-30751
CVE-2021-30737
CVE-2021-30716
CVE-2021-30717
CVE-2021-30721
CVE-2021-30722
CVE-2021-30712
CVE-2021-30668
CVE-2021-30718
CVE-2021-30671
CVE-2021-30713
CVE-2021-30665
CVE-2021-30714
CVE-2021-30729
CVE-2021-30674
CVE-2021-30741
CVE-2021-1821
CVE-2021-30699
CVE-2021-30999
CVE-2021-30667

Frequently Asked Questions

What is CVE-2021-30744?
CVE-2021-30744 is a cross-origin issue with iframe elements in WebKit that has been addressed with improved tracking of security origins.
Which Apple products are affected by CVE-2021-30744?
CVE-2021-30744 affects Apple tvOS 14.6, Apple Safari 14.1.1, Apple watchOS 7.5, Apple macOS Big Sur 11.4, Apple iOS 14.6, and Apple iPadOS 14.6.
How can I fix CVE-2021-30744?
To fix CVE-2021-30744, update your Apple devices to the respective recommended versions: tvOS 14.6, Safari 14.1.1, watchOS 7.5, macOS Big Sur 11.4, iOS 14.6, and iPadOS 14.6.
Where can I find more information about CVE-2021-30744?
You can find more information about CVE-2021-30744 on the official Apple support page: [link](https://support.apple.com/en-us/HT212533).

collector/security-tracker-debian
collector/apple-support
agent/type
agent/first-publish-date
agent/softwarecombine
agent/last-modified-date
agent/software-canonical-lookup-request
collector/nvd-index
agent/references
agent/weakness
agent/severity
agent/author
agent/tags
agent/event
agent/description
collector/mitre-cve
source/MITRE
package-manager/debian
vendor/apple
canonical/apple safari
canonical/apple macos big sur
canonical/apple watchos
canonical/apple ipados
canonical/apple iphone os
canonical/apple macos
version/apple macos/11.0.1
canonical/apple tvos
canonical/apple ios