CVE-2021-30952 – Apple WebKit and Kernel Security Vulnerabilities

CVSS 7.8 IMPORTANT

“Three Apple vulnerabilities reveal how both malicious web content and kernel-level weaknesses can open the door to device compromise. A single webpage or malicious app could potentially trigger code execution deep inside the system.”

Apple released security updates addressing three vulnerabilities affecting WebKit and the Apple kernel across multiple Apple platforms. CVE-2021-30952 is an integer overflow vulnerability in WebKit with a CVSS v3.1 score of 7.8 (High). An attacker could exploit the issue by delivering specially crafted web content that triggers a memory error, potentially allowing arbitrary code execution when processed by Safari or other applications that rely on WebKit.
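The advisory classifies CVE-2021-30952 as an integer overflow (CWE-190) reached through crafted web content. The C below is an added illustration of that defect class and its fix, not WebKit code and not a reproduction of the actual bug: it assumes a hypothetical "header plus N fixed-size elements" table whose element count comes from untrusted content, and shows how an unchecked 32-bit size computation wraps to a tiny value while a checked version refuses the input. All function names, the layout and the sample inputs are constructed.

```c
#include <inttypes.h>
#include <stdint.h>
#include <stdlib.h>
#include <stdio.h>

/*
 * Constructed example of CWE-190 in a length computation. Not WebKit
 * code; the header/element layout, names and inputs are hypothetical.
 */

/* Unchecked size computation: the 32-bit product silently wraps. */
static uint32_t unchecked_payload_size(uint32_t count, uint32_t elem_size) {
    return count * elem_size;          /* CWE-190: wraps modulo 2^32 */
}

/* Checked multiply: 1 on success, 0 if the product would not fit in 32 bits. */
static int mul_u32_checked(uint32_t a, uint32_t b, uint32_t *out) {
    if (b != 0 && a > UINT32_MAX / b) return 0;
    *out = a * b;
    return 1;
}

/* Checked add: 1 on success, 0 if the sum would not fit in 32 bits. */
static int add_u32_checked(uint32_t a, uint32_t b, uint32_t *out) {
    if (a > UINT32_MAX - b) return 0;
    *out = a + b;
    return 1;
}

/* Bytes for a header followed by `count` elements; 0 (failure) if any step wraps.
 * A real parser would additionally cap `count` at a sane maximum for the format. */
static int checked_total_size(uint32_t count, uint32_t elem_size,
                              uint32_t header_bytes, uint32_t *out) {
    uint32_t payload, total;
    if (!mul_u32_checked(count, elem_size, &payload)) return 0;
    if (!add_u32_checked(payload, header_bytes, &total)) return 0;
    *out = total;
    return 1;
}

/* Hardened allocation path: refuses rather than allocating an undersized buffer. */
static void *alloc_table_checked(uint32_t count, uint32_t elem_size,
                                 uint32_t header_bytes, uint32_t *total_out) {
    uint32_t total;
    if (!checked_total_size(count, elem_size, header_bytes, &total)) return NULL;
    if (total_out) *total_out = total;
    return calloc(1, total);
}

/* 1 if the hardened path rejects the input, 0 if it accepts (and frees) it. */
static int hardened_rejects(uint32_t count, uint32_t elem_size, uint32_t header_bytes) {
    void *p = alloc_table_checked(count, elem_size, header_bytes, NULL);
    if (p == NULL) return 1;
    free(p);
    return 0;
}

/* Total size the hardened path computes, or 0 when it rejects the input. */
static uint32_t hardened_total(uint32_t count, uint32_t elem_size, uint32_t header_bytes) {
    uint32_t total;
    return checked_total_size(count, elem_size, header_bytes, &total) ? total : 0;
}

/* 1 if dividing the unchecked size back by elem_size does not give count, i.e. it wrapped. */
static int unchecked_size_wrapped(uint32_t count, uint32_t elem_size) {
    return elem_size != 0 && unchecked_payload_size(count, elem_size) / elem_size != count;
}

int main(void) {
    /* Constructed hostile input: 0x40000001 * 4 == 0x1_0000_0004, which wraps to 4. */
    uint32_t count = 0x40000001u, elem = 4u, header = 16u;
    printf("unchecked size: %" PRIu32 " bytes for %" PRIu32 " elements (wrapped: %s)\n",
           unchecked_payload_size(count, elem), count,
           unchecked_size_wrapped(count, elem) ? "yes" : "no");
    printf("hardened path: %s\n",
           hardened_rejects(count, elem, header) ? "rejected" : "accepted");
    printf("hardened total for 100 elements: %" PRIu32 " bytes\n",
           hardened_total(100u, elem, header));
    return 0;
}
```

The detection side of this class is the size mismatch itself: a buffer sized from a wrapped product is smaller than the element count that will later be written into it, which is why the hardened path checks both the multiply and the add before anything is allocated. Compilers offer the same check as `__builtin_mul_overflow` / `__builtin_add_overflow` (GCC and Clang); the portable division-based form above is used here so the block compiles anywhere.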

CVE-2023-43000 is a kernel vulnerability with a CVSS v3.1 score of 7.8 (High) that could allow an application to execute arbitrary code with kernel privileges. Because the kernel operates at the core of the operating system, successful exploitation could allow attackers to bypass security controls and gain deep system-level access.

Apple also addressed CVE-2023-41974, another WebKit vulnerability with a CVSS v3.1 score of 8.8 (High). Processing specially crafted web content could lead to arbitrary code execution within the context of the affected application. Apple resolved these issues through security updates affecting iOS, iPadOS, macOS, Safari, and other Apple platform components. CVE-2023-41974 has been reported as actively exploited in the wild, indicating attackers were already leveraging the issue before patches were widely deployed.

Key Details

Affected Product: Apple Safari
Attack Vector: Local
Attack Complexity: Low
Privileges Required: None
User Interaction: Required
CWE Classification: CWE-190 (Integer Overflow or Wraparound)