Main Vulnerability Database Exploits ID:6917 - Exploit for Use-after-free in Apple iOS and iPadOS - CVE-2021-30858

ID:6917 - Exploit for Use-after-free in Apple iOS and iPadOS - CVE-2021-30858

Published: October 22, 2021

Vulnerability identifier: #VU56475

Vulnerability risk: Critical

CVE-ID: CVE-2021-30858

CWE-ID: CWE-416

Exploitation vector: Remote access

Vulnerable software:
Apple iOS
iPadOS

Link to public exploit:

https://github.com/Jeromeyoung/ps4_8.00_vuln_poc

Vulnerability description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing HTML content in WebKit. A remote attacker can trick the victim to visit a specially crafted web page, trigger a use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Note, the vulnerability is being actively exploited in-the-wild.

Remediation

Install updates from vendor's website.

ID:6917 - Exploit for Use-after-free in Apple iOS and iPadOS - CVE-2021-30858

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human