CVE-2021-30761: 
Rocky Linux vulnerability analysis and mitigation

CVE-2021-30761 is a memory corruption vulnerability in WebKit that affects iOS devices. The vulnerability was discovered and fixed in iOS 12.5.4, released on June 14, 2021. The issue occurs when processing maliciously crafted web content, which could lead to arbitrary code execution. Apple acknowledged that this vulnerability had been actively exploited in the wild (Apple Support).

The vulnerability is classified as a memory corruption issue that was addressed with improved state management in WebKit. It received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is categorized as CWE-787 (Out-of-bounds Write) (NVD).

When successfully exploited, this vulnerability allows attackers to execute arbitrary code on affected devices through maliciously crafted web content. The high CVSS score indicates severe potential impacts on confidentiality, integrity, and availability of the affected systems (NVD).

Apple addressed this vulnerability in iOS 12.5.4. The fix was implemented through improved state management in WebKit. Affected devices include iPhone 5s, iPhone 6, iPhone 6 Plus, iPad Air, iPad mini 2, iPad mini 3, and iPod touch (6th generation). Users are strongly advised to update to iOS 12.5.4 or later to protect against this vulnerability (Apple Support).