Main Vulnerability Database Exploits ID:7215 - Exploit for Integer overflow in Apple iOS and iPadOS - CVE-2021-30860

ID:7215 - Exploit for Integer overflow in Apple iOS and iPadOS - CVE-2021-30860

Published: December 30, 2021

Vulnerability identifier: #VU56067

Vulnerability risk: Critical

CVE-ID: CVE-2021-30860

CWE-ID: CWE-190

Exploitation vector: Remote access

Vulnerable software:
Apple iOS
iPadOS

Link to public exploit:

https://github.com/30440r/gex

Vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to integer overflow when processing PDF files within the CoreGraphics component. A remote attacker can trick the victim to open a specially crafted PDF file, trigger integer overflow and execute arbitrary code on the target system.

Note, the vulnerability is being active exploited in-the-wild via the FORCEDENTRY tool against Bahraini activists.

Remediation

Install update from vendor's website.

ID:7215 - Exploit for Integer overflow in Apple iOS and iPadOS - CVE-2021-30860

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human