🟢 CVE-2021-30952

WebKit integer overflow vulnerability in Apple client operating systems that requires user interaction with malicious web content. Despite its CISA KEV listing, it affects client-side web browsers rather than internet-facing servers, so it does not map to T1190 (Exploit Public-Facing Application).

Risk Level: LOW_RISK

CVSS Score: 8.8

Attack Vector: NETWORK

ATT&CK Tactic: Execution

ATT&CK Technique: T1203 — Exploitation for Client Execution

Deployment Risk: VERY_LOW

Ransomware: No

📋 Vulnerability Details

Data Source: CIRCL

Confidence: HIGH

Exploitation Method: USER_INTERACTION

CVE Published: 2021-08-24

Added to CISA KEV: 2026-03-05 (1654 days between CVE and KEV)

🎯 Recommendations:

🔍 Web Intelligence (Kagi · 2026-06-04)

CVE-2021-30952 is an integer overflow vulnerability in Apple’s WebKit engine that allows for arbitrary code execution [1] [2].

Exploitation and Threat Actor Usage
While initially identified in 2021, the vulnerability has seen renewed attention due to its inclusion in active exploit kits.
  • Active Exploitation: As of March 2026, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) added CVE-2021-30952 to its Known Exploited Vulnerabilities (KEV) catalog following its use in the "Coruna" iOS exploit kit [3].
  • Threat Actor Usage: It has been utilized as part of exploit chains within the Coruna kit, which targets iOS devices [3].

Attack Method and Requirements
  • Exploitation Vector: The vulnerability is triggered by processing maliciously crafted web content [1].
  • User Interaction: Successful exploitation requires the victim to voluntarily interact with the attack mechanism (e.g., visiting a malicious website) [1].
  • Access Level: It is a remote exploitation vector, as it relies on web content processing.

Impact
  • Successful Exploitation: An attacker can achieve arbitrary code execution within the context of the browser or the application component utilizing WebKit [2].
  • Real-world Outcome: While the impact is limited by platform protections like sandboxing, it serves as a critical foothold for attackers to chain additional vulnerabilities for further system compromise [2].

Affected Products and Mitigation
The vulnerability was addressed by Apple through improved input validation.

| Affected Software | Fixed Version |
|-------------------|---------------|
| iOS / iPadOS      | 15.2          |
| macOS Monterey    | 12.1          |
| tvOS              | 15.2          |
| watchOS           | 8.3           |
| Safari            | 15.2          |

Users are strongly advised to update to the specified versions or later to mitigate the risk of exploitation.

Sources

  1. NVD - CVE-2021-30952

    CVE-2021-30952 Detail Description An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. ... Victim m…

  2. CVE-2021-30952: Apple WebKit Integer Overflow in iOS, macOS...

    Apple’s stated impact is arbitrary code execution from crafted content, which typically means an attacker may be able to run code in the context of the browser or the app component using WebKit. Real-world outcomes depend on platform protections (sandboxing, system hardening) and whether the attacke…

  3. Coruna iOS Exploit Kit Uses 23 Exploits Across Five Chains Targeting ...

    Update The U.S. Cybersecurity and Infrastructure Security Agency (CISA), on March 5, 2026, added CVE-2021-30952, CVE-2023-41974, and CVE-2023-43000 to its Known Exploited Vulnerabilities (KEV) catalog following the abuse of the flaws in the Coruna exploit kit.