CVE-2021-30720: 
Apple Safari vulnerability analysis and mitigation

CVE-2021-30720 is a security vulnerability discovered in Apple's WebKit component that was fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, and watchOS 7.5, released on May 24, 2021. The vulnerability allowed a malicious website to access restricted ports on arbitrary servers due to a logic issue in WebKit (Apple Support, Apple Support).

The vulnerability was identified as a logic issue in WebKit, Apple's browser engine. The security flaw was addressed by implementing improved restrictions to prevent unauthorized port access. The vulnerability has a CVSS v3.1 Base Score of 5.4 (MEDIUM) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N, indicating network accessibility with low attack complexity and requiring user interaction (NVD).

When exploited, this vulnerability could allow a malicious website to bypass normal restrictions and access ports on arbitrary servers that should typically be restricted. This could potentially lead to unauthorized access to internal services or information disclosure (Apple Support).

Apple addressed this vulnerability by implementing improved restrictions in WebKit. The fix was released across multiple platforms: tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, and watchOS 7.5. Users are advised to update their devices to these versions or later to protect against this vulnerability (Apple Support, Apple Support).

The vulnerability was discovered and reported by security researcher David Schütz (@xdavidhu), demonstrating the ongoing collaboration between independent security researchers and Apple's security team (Apple Support).