Description
An integer overflow was addressed with improved input validation. This issue is fixed in tvOS 15.2, macOS Monterey 12.1, Safari 15.2, iOS 15.2 and iPadOS 15.2, watchOS 8.3. Processing maliciously crafted web content may lead to arbitrary code execution.
CISA Known Exploited Vulnerability
Date added 2026-03-05 | Due date 2026-03-26
Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
Problem types
Processing maliciously crafted web content may lead to arbitrary code execution
Product status
References
support.apple.com/en-us/HT212975
support.apple.com/en-us/HT212976
support.apple.com/en-us/HT212978
support.apple.com/en-us/HT212980
support.apple.com/en-us/HT212982
www.openwall.com/lists/oss-security/2022/01/21/2 ([oss-security] 20220121 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001)
lists.fedoraproject.org/...7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/ (FEDORA-2022-25a98f5d55)
www.debian.org/security/2022/dsa-5061 (DSA-5061)
www.debian.org/security/2022/dsa-5060 (DSA-5060)
lists.fedoraproject.org/...HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/ (FEDORA-2022-f7366e60cb)
cloud.google.com/...lligence/coruna-powerful-ios-exploit-kit
www.cisa.gov/...erabilities-catalog?field_cve=CVE-2021-30952
support.apple.com/en-us/HT212975
support.apple.com/en-us/HT212976
support.apple.com/en-us/HT212978
support.apple.com/en-us/HT212980
support.apple.com/en-us/HT212982
www.openwall.com/lists/oss-security/2022/01/21/2 ([oss-security] 20220121 WebKitGTK and WPE WebKit Security Advisory WSA-2022-0001)
lists.fedoraproject.org/...7EQVZ3CEMTINLBZ7PBC7WRXVEVCRHNSM/ (FEDORA-2022-25a98f5d55)
www.debian.org/security/2022/dsa-5061 (DSA-5061)
www.debian.org/security/2022/dsa-5060 (DSA-5060)
lists.fedoraproject.org/...HQKWD4BXRDD2YGR5AVU7H5J5PIQIEU6V/ (FEDORA-2022-f7366e60cb)