CVE-2021-30858

ENISA EUVD: EUVD-2021-17775 ↗

Exploited in the Wild ✓ Confirmed 0-Day ★ Google Project Zero

Triaged: March 3, 2026 8 articles Published: 2021-08-24

VulnLookup ↗ NVD ↗ EUVD ↗ MITRE ↗ Advisory ↗ P0 Sheet ↗ CISA KEV ↗

EPSS Score

Source: FIRST.org · 2026-05-23

0.79%

probability

This CVE has a 0.79% probability of being exploited in the next 30 days.

0% Top 74.2th percentile of all CVEs 100%

CVSS v3.1

Source: VulnerabilityLookup (CIRCL)

8.8

HIGH

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

Required

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CVSS v2 (legacy)

6.8

MEDIUM

Access Vector

Network

Access Complexity

Medium

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

AV:N/AC:M/Au:N/C:P/I:P/A:P

Description

VulnerabilityLookup (CNA)

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Processing maliciously crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Affected Products

Apple

macOS

unspecified

Apple

iOS

unspecified

apple

ipados

apple

iphone os

apple

macos

fedoraproject

fedora

debian

debian linux

Apple

IOS

unspecified <14.8

Apple

macOS

unspecified <11.6

Apple

IOS

unspecified <14.8

Attack Intelligence

CWE-118 · Incorrect Access of Indexable Resource ('Range Error') CWE-119 · Buffer Overflow CWE-416 · Use After Free CWE-664 · Improper Control of a Resource Through its Lifetime CWE-666 · Operation on Resource in Wrong Phase of Lifetime CWE-672 · Operation on a Resource after Expiration or Release CWE-825 · Expired Pointer Dereference

Google Project Zero

Patched

Sept. 13, 2021

Reported by

???

Root Cause Analysis

https://googleprojectzero.github.io/0days-in-the-wild//0day-RCAs/2021/CVE-2021-30858.html

Exploits & PoC

kmeps4/CVEREV3

Testing CVE-2021-30858 Rev3

1 2021-10-14

Jeromeyoung/ps4_8.00_vuln_poc

My take on CVE-2021-30858 for ps4 8.xx

0 2021-10-14

2 repos — triés par ⭐ Rechercher sur GitHub ↗

https://support.apple.com/en-us/HT212804

x_refsource_MISC

https://support.apple.com/en-us/HT212807

x_refsource_MISC

http://seclists.org/fulldisclosure/2021/Sep/27

mailing-list x_refsource_FULLDISC

http://seclists.org/fulldisclosure/2021/Sep/25

mailing-list x_refsource_FULLDISC

http://seclists.org/fulldisclosure/2021/Sep/29

mailing-list x_refsource_FULLDISC

http://www.openwall.com/lists/oss-security/2021/09/20/1

mailing-list x_refsource_MLIST

Signal Intelligence

Confidenceⓘ

92%

EPSS 0.79%

CVSS v3.1 8.8

Mentions 8

Last Seen Nov 09, 2021

CNA Information

CNA Assigner

apple

Analyst Note

CVE-2021-30858 is confirmed as a high-severity use-after-free vulnerability in Apple products with CVSS 8.8, actively exploited in the wild and reported by Google Project Zero. Apple's official patching across iOS, iPadOS, and macOS, combined with public exploitation evidence and CERT-EU advisory coverage, provides strong confirmation of this vulnerability's authenticity and impact.

Triage Info

Decided atMar 03, 2026

Published DateAug 24, 2021