CVE-2021-30858: 
Apple Safari vulnerability analysis and mitigation

CVE-2021-30858 is a use-after-free vulnerability discovered in WebKit that affects iOS, iPadOS, and macOS systems. The vulnerability was disclosed on September 13, 2021, and fixed in iOS 14.8, iPadOS 14.8, macOS Big Sur 11.6, and Safari 14.1.2. The issue affects multiple Apple devices including iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation) (Apple HT212807).

The vulnerability is a use-after-free issue in WebKit that was addressed with improved memory management. It has been assigned a CVSS v3.1 base score of 8.8 HIGH (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H). The vulnerability could be triggered by processing maliciously crafted web content, potentially leading to arbitrary code execution (NVD).

When exploited, this vulnerability allows processing of maliciously crafted web content to lead to arbitrary code execution on the affected device. Apple confirmed that this vulnerability may have been actively exploited in the wild (Apple HT212807, CISA Alert).

Apple has released security updates to address this vulnerability. Users should update to iOS 14.8, iPadOS 14.8, macOS Big Sur 11.6, or Safari 14.1.2 depending on their device. For older devices, iOS 12.5.5 also contains fixes for this vulnerability. Linux distributions using WebKit have also released patches, including Debian (versions 2.32.4-1~deb11u1) and Fedora (Apple HT212807, Debian DSA-4975).