CVE-2021-30734: 
Apple Safari vulnerability analysis and mitigation

CVE-2021-30734 is a memory corruption vulnerability that was discovered in Apple's WebKit browser engine. The vulnerability was fixed in multiple Apple products including tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, and watchOS 7.5, with patches released on May 24, 2021. The affected systems included iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, iPod touch (7th generation), Apple TV 4K, Apple TV HD, and Apple Watch Series 3 and later (Apple Support, NVD).

The vulnerability was identified as multiple memory corruption issues in WebKit that were addressed with improved memory handling. The CVSS v3.1 base score for this vulnerability is 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is classified under CWE-787 (Out-of-bounds Write) (NVD).

When exploited, processing maliciously crafted web content could lead to arbitrary code execution on the affected device. This could potentially allow attackers to execute unauthorized code and compromise the security of the affected system (Apple Support).

Apple addressed this vulnerability by improving memory handling in WebKit. Users are advised to update their devices to the following versions: tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, or watchOS 7.5, depending on their device (Apple Support).

The vulnerability was discovered and reported by Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative (Apple Support).