CVE-2021-30762
ENISA EUVD: EUVD-2021-17679 ↗
Exploited in the Wild
✓ Confirmed 0-Day
Triaged: March 20, 2026
9 articles
Published: 2021-09-08
EPSS Score
Source: FIRST.org · 2026-05-23
0.04%
probability
This CVE has a 0.04% probability
of being exploited in the next 30 days.
0%
Top 12.9th percentile of all CVEs
100%
CVSS v3.1
Source: VulnerabilityLookup (CIRCL)8.8
HIGH
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
Required
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CVSS v2 (legacy)
6.8
MEDIUM
Access Vector
Network
Access Complexity
Medium
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
AV:N/AC:M/Au:N/C:P/I:P/A:P
Description
VulnerabilityLookup (CNA)A use after free issue was addressed with improved memory management. This issue is fixed in iOS 12.5.4. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Affected Products
Apple
iOS
unspecified
Attack Intelligence
CWE-118
· Incorrect Access of Indexable Resource ('Range Error')
CWE-119
· Buffer Overflow
CWE-416
· Use After Free
CWE-664
· Improper Control of a Resource Through its Lifetime
CWE-666
· Operation on Resource in Wrong Phase of Lifetime
CWE-672
· Operation on a Resource after Expiration or Release
CWE-825
· Expired Pointer Dereference
https://support.apple.com/en-us/HT212548
x_refsource_MISC
Signal Intelligence
Confidence
92%
EPSS
0.04%
CVSS v3.1
8.8
Mentions
9
Last Seen
Nov 09, 2021
CNA Information
CNA Assigner
apple
Analyst Note
Multiple authoritative sources (Qualys, BleepingComputer) explicitly confirm CVE-2021-30762 as a zero-day exploited in the wild, with Apple issuing an emergency iOS 15.0.2 patch. Articles confirm exploitation occurred prior to or simultaneously with patch availability, meeting all zero-day criteria.
Triage Info
Decided atMar 20, 2026
Published DateSep 08, 2021