CVE-2021-30952: Technical Deep-Dive (Auto Refreshed)

Generated on 2026-03-22T21:43:46.292Z. This file is automatically regenerated every 30 minutes by the CVE AI enrichment job using web sources (NVD, MITRE, CISA KEV, GitHub).

Executive Technical Summary

An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.

• Context preserved from previous revision: An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution. Notes: 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.

Technical Details

• CVE: CVE-2021-30952
• KEV date added: 2026-03-05
• KEV due date: 2026-03-26
• NVD published: 2021-08-24
• NVD modified: 2026-03-06
• MITRE modified: 2026-03-06
• CVSS base score: 7.8
• CVSS vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
• CVSS exploitability score: 1.8
• CVSS impact score: 5.9
• Attack vector: Local
• Attack complexity: Low
• Privileges required: None
• User interaction: Required
• Scope: Unchanged
• Confidentiality impact: High
• Integrity impact: High
• Availability impact: High

Versions and Products Impacted

• apple / safari (versions: < 15.2)
• apple / ipados (versions: < 15.2)
• apple / iphone os (versions: < 15.2)
• apple / macos (versions: >= 12.0, < 12.1)
• apple / tvos (versions: < 15.2)
• apple / watchos (versions: < 8.3)
• fedoraproject / fedora (versions: 34)
• fedoraproject / fedora (versions: 35)
• debian / debian linux (versions: 10.0)
• debian / debian linux (versions: 11.0)
• webkitgtk / webkitgtk (versions: < 2.34.4)
• wpewebkit / wpe webkit (versions: < 2.34.4)
• Apple / watchOS (versions: unspecified)
• Apple / iOS and iPadOS (versions: unspecified)
• Apple / macOS (versions: unspecified)

Weakness Classification

• CWE-190
• Processing maliciously crafted web content may lead to arbitrary code execution

Repositories for Lab Validation (Public Examples)

• nomi-sec/PoC-in-GitHub | stars: 7593 | updated: 2026-03-22 | https://github.com/nomi-sec/PoC-in-GitHub
  Notes: 📡 PoC auto collect from GitHub. ⚠️ Be careful Malware.
• zeroxjf/iOS-Coruna-Reconstruction | stars: 33 | updated: 2026-03-22 | https://github.com/zeroxjf/iOS-Coruna-Reconstruction
  Notes: Reverse-engineering reconstruction of the Coruna iOS exploit kit (iOS 16/17 chains)
• Billy-Ellis/coruna-buffout | stars: 32 | updated: 2026-03-22 | https://github.com/Billy-Ellis/coruna-buffout
  Notes: A work-in-progress re-implementation of the buffout WebKit exploit used in the 'Coruna' iOS spyware
• 0xcrypto/apple-cves | stars: 0 | updated: 2026-03-22 | https://github.com/0xcrypto/apple-cves

People and Organizations Mentioned

• apple
• Multiple Products
• nomi-sec
• zeroxjf
• Billy-Ellis
• 0xcrypto

Practical Defensive Validation (Authorized Only)

1. Use only isolated environments and systems you own or are explicitly authorized to test.
2. Snapshot infrastructure before validation and preserve baseline logs (EDR, SIEM, OS, app).
3. Use apple / safari (versions: < 15.2) in isolated VM snapshots (vulnerable vs patched) and compare process tree telemetry before/after updates.
4. Validate command-execution prevention policies (AppLocker/WDAC/EDR) with harmless test binaries only.
5. Create SIEM detections for suspicious parent-child chains, encoded command usage, and abnormal service creation.

References

• NVD record: https://nvd.nist.gov/vuln/detail/CVE-2021-30952
• MITRE CVE record: https://www.cve.org/CVERecord?id=CVE-2021-30952
• CISA KEV Catalog: https://www.cisa.gov/known-exploited-vulnerabilities-catalog
• CISA KEV JSON feed: https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
• KEV notes: https://support.apple.com/en-us/HT212975 ; https://support.apple.com/en-us/HT212976 ; https://support.apple.com/en-us/HT212978 ; https://support.apple.com/en-us/HT212980 ; https://support.apple.com/en-us/HT212982 ; https://nvd.nist.gov/vuln/detail/CVE-2021-30952
• http://www.openwall.com/lists/oss-security/2022/01/21/2
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/
• https://support.apple.com/en-us/HT212975
• https://support.apple.com/en-us/HT212976
• https://support.apple.com/en-us/HT212978
• https://support.apple.com/en-us/HT212980
• https://support.apple.com/en-us/HT212982
• https://www.debian.org/security/2022/dsa-5060
• https://www.debian.org/security/2022/dsa-5061
• https://cloud.google.com/blog/topics/threat-intelligence/coruna-powerful-ios-exploit-kit
• https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-30952
• Repository example: https://github.com/nomi-sec/PoC-in-GitHub
• Repository example: https://github.com/zeroxjf/iOS-Coruna-Reconstruction
• Repository example: https://github.com/Billy-Ellis/coruna-buffout
• Repository example: https://github.com/0xcrypto/apple-cves

This content is for defensive security training and authorized validation only.