CVE-2021-30900 - Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability

Apple | iOS, iPadOS, and macOS

• Date Added:
• 2023-03-30

• Due Date:
• 2023-04-20

Vulnerability Name

Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability

Description

Apple GPU drivers, included in iOS, iPadOS, and macOS, contain an out-of-bounds write vulnerability that may allow a malicious application to execute code with kernel privileges.

Known To Be Used in Ransomware Campaigns?

Unknown

Action

Apply updates per vendor instructions.

Additional Notes

https://support.apple.com/en-us/HT21286, https://support.apple.com/en-us/HT212868, https://support.apple.com/kb/HT212872; https://nvd.nist.gov/vuln/detail/CVE-2021-30900

Latest Security News

XE Hacker Group Exploits VeraCore Zero-Day to Deploy Persistent Web Shells

A Cybersecurity Leader’s Guide to SecVal in 2025

Massive brute force attack uses 2.8 million IPs to target VPN devices

Malicious ML Models on Hugging Face Leverage Broken Pickle Format to Evade Detection

LLM Hijackers Quickly Incorporate DeepSeek API Keys

SolarWinds to Go Private for $4.4B

Microsoft: Thousands of Public ASP.NET Keys Allow Web Server RCE

HPE notifies employees of data breach after Russian Office 365 hack

Top Alert List

Content Security Policy (CSP) Header Not Set

CSP

MediumMissing Anti-clickjacking Header

MediumAbsence of Anti-CSRF Tokens

InformationalInformation Disclosure - Suspicious Comments

MediumContent Security Policy (CSP) Header Not Set

InformationalModern Web Application

LowCross-Domain JavaScript Source File Inclusion

InformationalRe-examine Cache-control Directives

LowX-Content-Type-Options Header Missing

Top CVE List

CVE-2020-29574 CyberoamOS (CROS) SQL Injection Vulnerability

CVE-2018-19410 Paessler PRTG Network Monitor Local File Inclusion Vulnerability

CVE-2020-15069 Sophos XG Firewall Buffer Overflow Vulnerability

CVE-2025-0411 7-Zip Mark of the Web Bypass Vulnerability

CVE-2018-9276 Paessler PRTG Network Monitor OS Command Injection Vulnerability

CVE-2024-53104 Linux Kernel Out-of-Bounds Write Vulnerability

CVE-2024-21413 Microsoft Outlook Improper Input Validation Vulnerability

CVE-2024-49138 Microsoft Windows Common Log File System (CLFS) Driver Heap-Based Buffer Overflow Vulnerability

CVE-2017-3881 Cisco IOS and IOS XE Remote Code Execution Vulnerability

CVE-2024-29059 Microsoft .NET Framework Information Disclosure Vulnerability

Common CWEs

HighCWE-640 Weak Password Recovery Mechanism for Forgotten Password

CWE-1064 Invokable Control Element with Signature Containing an Excessive Number of Parameters

CWE-1286 Improper Validation of Syntactic Correctness of Input

CWE-36 Absolute Path Traversal

CWE-564 SQL Injection: Hibernate

CWE-316 Cleartext Storage of Sensitive Information in Memory

CWE-1274 Improper Access Control for Volatile Memory Containing Boot Code

CWE-40 Path Traversal: '\\UNC\share\name\' (Windows UNC Share)

CWE-300 Channel Accessible by Non-Endpoint

CWE-1116 Inaccurate Comments