CVE-2021-30936: 
Apple Safari vulnerability analysis and mitigation

CVE-2021-30936 is a use-after-free vulnerability that was discovered in WebKit, affecting multiple Apple products including tvOS, macOS Monterey, Safari, iOS, iPadOS, and watchOS. The vulnerability was addressed with improved memory management in updates released on December 13, 2021. The affected versions included systems prior to tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, iPadOS 15.2, and watchOS 8.3 (Apple Support).

The vulnerability is classified as a use-after-free issue in WebKit that could be triggered when processing maliciously crafted web content. The vulnerability received a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The issue was discovered by Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab (NVD).

When exploited, this vulnerability could lead to arbitrary code execution on affected systems. An attacker could potentially execute malicious code by having a user process specially crafted web content (Apple Support, Debian Security).

Apple addressed this vulnerability by releasing security updates across multiple platforms: tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2, iPadOS 15.2, and watchOS 8.3. Additionally, Debian released fixes in webkit2gtk version 2.34.4-1~deb10u1 for oldstable (buster) and version 2.34.4-1~deb11u1 for stable (bullseye) distributions (Apple Support, Debian Security).