Technical Severity
HIGH
CVSS v3.1 Metrics
7.8
/ 10
Minimal Risk
Critical
Vector Specification
CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Exploitation Likelihood
EPSS Prediction
1.11
%
Predictive Probability
Percentile Rank
77.7
th
Documented as more likely to be exploited than 77.7% of known CVEs.
Detection Date
Nov 03, 2021
Remediation Due
Nov 17, 2021
CISA Catalog Active
Threat Analysis
Apple iOS, iPadOS, macOS, tvOS, and Safari WebKit contain an integer overflow vulnerability that leads to code execution when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Remediation Directive
Apply updates per vendor instructions.