CVE-2021-30890: 
Rocky Linux vulnerability analysis and mitigation

CVE-2021-30890 is a logic vulnerability in Apple's operating systems that was disclosed and patched in October 2021. The vulnerability affects multiple Apple platforms including macOS Monterey 12.0.1, iOS 15.1, iPadOS 15.1, watchOS 8.1, and tvOS 15.1. When processing maliciously crafted web content, this vulnerability could lead to universal cross-site scripting (Apple Support, Apple Support).

The vulnerability stems from a logic issue in the WebKit engine that was addressed with improved state management. It has been assigned a CVSS v3.1 base score of 6.1 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N, indicating that it is network-exploitable, requires low attack complexity, needs no privileges, but does require user interaction (NVD).

When successfully exploited, this vulnerability allows processing of maliciously crafted web content that may lead to universal cross-site scripting. This could potentially allow attackers to execute arbitrary scripts in the context of any website, potentially leading to theft of sensitive information or session hijacking (WebKit Security Advisory).

Apple has released security updates to address this vulnerability across multiple platforms: macOS Monterey 12.0.1, iOS 15.1, iPadOS 15.1, watchOS 8.1, and tvOS 15.1. Users are advised to update their devices to these versions or later. The fix involves improved state management in the WebKit engine (Apple Support, Apple Support).

The vulnerability has also impacted other platforms that use WebKit, leading to security updates in various Linux distributions. Both Debian and Fedora have issued security advisories and patches for their webkit2gtk packages (Debian Advisory, Fedora Update).