CVE-2021-30682: 
Apple Safari vulnerability analysis and mitigation

CVE-2021-30682 is a security vulnerability discovered in Apple's WebKit component that was fixed in multiple Apple operating systems including tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, and watchOS 7.5, released on May 24, 2021. The vulnerability was identified as a logic issue in WebKit that could allow a malicious application to leak sensitive user information (Apple Support, Apple Support).

The vulnerability was classified as a logic issue in WebKit that was addressed with improved restrictions. It received a CVSS v3.1 Base Score of 5.5 (Medium) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N. The vulnerability affects the confidentiality of user information but does not impact system integrity or availability (NVD).

When exploited, this vulnerability could allow a malicious application to leak sensitive user information. The impact is primarily focused on data confidentiality, as indicated by the CVSS metrics showing high confidentiality impact but no integrity or availability impacts (NVD).

Apple addressed this vulnerability by implementing improved restrictions in WebKit. The fix was released across multiple platforms: tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, and watchOS 7.5. Users are advised to update their devices to these versions or later to mitigate the vulnerability (Apple Support).

The vulnerability was discovered and reported by security researcher Prakash (@1lastBr3ath). Apple acknowledged the researcher's contribution in their security advisory (Apple Support).