ACCORDING to CISA, the Known Exploited Vulnerabilities (KEV) catalog lists CVE-2021-30952 as an Apple vulnerability affecting multiple products. It is described as an Integer Overflow or Wraparound vulnerability impacting Apple tvOS, macOS, Safari, iPadOS and watchOS, due to the processing of maliciously crafted web content, with potential arbitrary code execution. The entry shows Date Added as 5 March 2026 and Due Date as 26 March 2026, and notes that it is Unknown whether it has been used in ransomware campaigns.
The recommended action is to apply mitigations per vendor instructions, follow applicable guidance for cloud services, or discontinue use of the product if mitigations are unavailable. Additional notes provide links to Apple support pages and the NVD entry for further details.