返回 CVE 浏览器

CVE-2021-30663

Known Exploited (CISA KEV)HIGH

8.8

CVSS Severity Score

EPSS Score33.4110%

EPSS Percentile85.24th

Published2021年9月8日

Last Modified2025年10月23日

Vulnerability Description

An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted web content may lead to arbitrary code execution.

Affected Platforms (CPE)

📦

Apple

Safari

< 14.1.1

💻

Apple

Ipados

>= 14.0 and < 14.5.1

💻

Apple

Iphone Os

< 12.5.3

💻

Apple

Iphone Os

>= 14.0 and < 14.5.1

💻

Apple

Macos

>= 11.0 and < 11.3.1

💻

Apple

Tvos

< 14.6

References & Advisories

🔗 https://support.apple.com/en-us/HT212335

🔗 https://support.apple.com/en-us/HT212336

🔗 https://support.apple.com/en-us/HT212341

🔗 https://support.apple.com/en-us/HT212532

🔗 https://support.apple.com/en-us/HT212534

🔗 https://support.apple.com/en-us/HT212335

🔗 https://support.apple.com/en-us/HT212336

🔗 https://support.apple.com/en-us/HT212341

相关漏洞威胁

CVE-2004-053910.0

The "Show in Finder" button in the Safari web browser in Mac OS X 10.3.4 and 10.2.8 may execute downloaded applications, which cou...

CVE-2007-284310.0

Cross-domain vulnerability in Apple Safari 2.0.4 allows remote attackers to access restricted information from other domains via J...

CVE-2004-009210.0

Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10.3.2, with unknown impact.

CVE-2008-230310.0

Integer signedness error in Safari on Apple iPhone before 2.0 and iPod touch before 2.0 allows remote attackers to execute arbitra...