CVE-2021-30836: 
Apple Safari vulnerability analysis and mitigation

CVE-2021-30836 is a security vulnerability discovered in Apple's WebKit component that affects multiple Apple products including iOS, iPadOS, tvOS, watchOS, and Safari. The vulnerability was disclosed and patched in September 2021. It was identified by Peter Nguyen Vu Hoang of STAR Labs and involves an out-of-bounds read issue when processing maliciously crafted audio files (Apple Support, WebKit Advisory).

The vulnerability is classified as an out-of-bounds read vulnerability (CWE-125) that occurs when processing maliciously crafted audio files. The issue was addressed with improved input validation. The vulnerability has a CVSS v3.1 base score of 5.5 (MEDIUM) with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N (NVD).

When exploited, this vulnerability could allow an attacker to disclose restricted memory through processing a maliciously crafted audio file. This could potentially lead to information disclosure and privacy violations (Apple Support, WebKit Advisory).

Apple has addressed this vulnerability by implementing improved input validation in the following software updates: iOS 14.8 and iPadOS 14.8, tvOS 15, watchOS 8, iOS 15 and iPadOS 15, and Safari 15. Users are advised to update their devices to these or later versions to protect against this vulnerability (Apple Support).