Vulnerability intelligence

CVE-2021-30900

Apple iOS, iPadOS, and macOS Out-of-Bounds Write Vulnerability

Apple iOS, iPadOS, and macOS

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1. A malicious application may be able to execute arbitrary code with kernel privileges.

CVSS Score

7.8

High

EPSS — Exploit Probability

0.5%

Riskier than 66% of all CVEs

Exploitation

Confirmed in the wild

Used in ransomware campaigns

Remediation

Patch available

Federal deadline 2023-04-20

CISA required action

Apply updates per vendor instructions. Deadline for federal agencies: 2023-04-20.

NVD entry Vendor patch PoC / advisory CISA KEV

1 article across 1 outlet · first covered May 3, 2026 · latest May 3, 2026

Coverage timeline

Spyware vendors use 0-days and n-days against popular platforms
blog.google · May 3, 2026

Related CVEs — Apple

CVE-2025-43300KEV CVE-2022-42856KEV