CVE-2021-30770

Published: Sep 8, 2021Modified: Jun 17, 2026

5.5

Vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N

Exploitability: 1.8 / Impact: 3.6

Source: NVD

Description

A logic issue was addressed with improved validation. This issue is fixed in iOS 14.7, tvOS 14.7, watchOS 7.6. An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations.

Affected (3)

Products: Apple: Iphone Os, Tvos, Watchos

3 products

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Apple Iphone Os	Before 14.7
Apple Tvos	Before 14.7
Apple Watchos	Before 7.6

Related CWEs

CWE-287

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (6)

https://support.apple.com/en-us/HT212601

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212604

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212605

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212601

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212604

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212605

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

Timeline

No history available yet.