CVE-2021-30689: 
Apple Safari vulnerability analysis and mitigation

A logic issue in WebKit was identified and addressed with improved state management. The vulnerability (CVE-2021-30689) affected multiple Apple operating systems including tvOS 14.6, iOS 14.6, iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, and watchOS 7.5. The issue was fixed in updates released on May 24, 2021 (Apple Advisory).

The vulnerability was classified as a universal cross-site scripting (XSS) issue that could be triggered by processing maliciously crafted web content. The root cause was identified as a logic issue in WebKit's handling of state management. The vulnerability received a CVSS v3.1 base score of 6.1 (Medium), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N (NVD).

When successfully exploited, this vulnerability could allow an attacker to perform universal cross-site scripting attacks through maliciously crafted web content. This could potentially lead to unauthorized access to sensitive information and execution of arbitrary code in the context of the affected browser (Apple Advisory).

Apple addressed this vulnerability by improving state management in WebKit. Users are advised to update to the following versions: tvOS 14.6, iOS 14.6, iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, or watchOS 7.5, depending on their device (Apple Advisory, Apple Advisory).