Wiz
Vulnerability DatabaseCVE-2021-30849

CVE-2021-30849
Apple iTunes vulnerability analysis and mitigation

Overview

CVE-2021-30849 is a security vulnerability affecting multiple Apple products including iOS, iPadOS, watchOS, Safari, tvOS, and iTunes for Windows. The vulnerability was disclosed on September 20, 2021 and involves multiple memory corruption issues in WebKit that were addressed with improved memory handling (Apple Support, NVD).

Technical details

The vulnerability is classified as a memory corruption issue in WebKit, Apple's browser engine. It has a CVSS v3.1 Base Score of 7.8 (HIGH) with vector CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is categorized as CWE-787 (Out-of-bounds Write) (NVD).

Impact

Processing maliciously crafted web content may lead to arbitrary code execution on affected devices. This could potentially allow attackers to execute malicious code when users visit specially crafted malicious websites (Apple Support, WebKit Advisory).

Mitigation and workarounds

Apple has released fixes for this vulnerability in multiple product updates: iOS 14.8 and iPadOS 14.8, watchOS 8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, and iTunes 12.12 for Windows. Users are advised to update their devices to these versions to protect against this vulnerability (Apple Support).

Additional resources

SourceThis report was generated using AI

Related Apple iTunes vulnerabilities:

CVE ID

Severity

Score

Technologies

Component name

CISA KEV exploit

Has fix

Published date

CVE-2022-26717HIGH8.8
  • Apple iTunesApple iTunes
  • libwebkit2gtk-4_0-37
NoYesNov 01, 2022
CVE-2022-22629HIGH8.8
  • Apple iTunesApple iTunes
  • net-libs/webkit-gtk
NoYesSep 23, 2022
CVE-2021-30849HIGH7.8
  • Apple iTunesApple iTunes
  • webkit2gtk
NoYesOct 19, 2021
CVE-2021-30823MEDIUM6.5
  • Apple iCloudApple iCloud
  • webkit2gtk3-jsc-devel
NoYesOct 28, 2021
CVE-2021-1825MEDIUM6.1
  • Apple iCloudApple iCloud
  • pangomm-doc
NoYesSep 08, 2021

Free Vulnerability Assessment

Benchmark your Cloud Security Posture

Evaluate your cloud security practices across 9 security domains to benchmark your risk level and identify gaps in your defenses.

Request assessment

Additional Wiz resources

Cloud Vulnerability DB

Cloud Vulnerability DB

A community-led vulnerabilities database

Cloud Threat Landscape

Cloud Threat Landscape

A threat intelligence database

PEACH

PEACH

A tenant isolation framework

Get a personalized demo

Ready to see Wiz in action?

"Best User Experience I have ever seen, provides full visibility to cloud workloads."
David EstlickCISO
"Wiz provides a single pane of glass to see what is going on in our cloud environments."
Adam FletcherChief Security Officer
"We know that if Wiz identifies something as critical, it actually is."
Greg PoniatowskiHead of Threat and Vulnerability Management
Get a demo