CVE-2021-30666: 
Rocky Linux vulnerability analysis and mitigation

A buffer overflow vulnerability (CVE-2021-30666) was discovered in Apple's WebKit component affecting iOS devices. The vulnerability was disclosed and patched in iOS 12.5.3, released on May 3, 2021. The issue affected multiple Apple devices including iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). The vulnerability was discovered by researchers yangkang (@dnpushme), zerokeeper, and bianliang of 360 ATA (Apple Advisory).

The vulnerability is a buffer overflow issue in WebKit that was addressed with improved memory handling. It has been assigned a CVSS v3.1 base score of 8.8 (High), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-119 (Improper Restriction of Operations within the Bounds of a Memory Buffer) (NVD).

Processing maliciously crafted web content could lead to arbitrary code execution on affected devices. The vulnerability allows attackers to potentially execute arbitrary code with the privileges of the WebKit process. Apple confirmed awareness of reports that this vulnerability had been actively exploited in the wild (Apple Advisory).

Apple addressed this vulnerability by releasing iOS 12.5.3. Users of affected devices should update their systems to this version or later to protect against exploitation. CISA has required federal agencies to apply the vendor updates per their Known Exploited Vulnerabilities Catalog (Apple Advisory).