CISA Known Exploited Vulnerability

CVE-2021-30952

Apple · Multiple Products

Apple Multiple Products Integer Overflow or Wraparound Vulnerability

Date added 2026-03-05

BOD 22-01 due date 2026-03-26

CWE CWE-190

Ransomware Unknown

CISA description

Apple tvOS, macOS, Safari, iPadOS and watchOS contain an integer overflow or wraparound vulnerability due to the processing of maliciously crafted web content that may lead to arbitrary code execution.

Required action

Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.

Notes & references

https://support.apple.com/en-us/HT212975
https://support.apple.com/en-us/HT212976
https://support.apple.com/en-us/HT212978
https://support.apple.com/en-us/HT212980
https://support.apple.com/en-us/HT212982
https://nvd.nist.gov/vuln/detail/CVE-2021-30952

Where this lands in 800-53

Vulnerability data triggers these controls during assessment and continuous monitoring.

RA-5 · Vulnerability Monitoring and Scanning
SI-2 · Flaw Remediation
CM-6 · Configuration Settings
SI-7 · Software, Firmware, and Information Integrity
CM-8 · System Component Inventory

External lookups

NVD · CVE-2021-30952
CVE.org · CVE-2021-30952
CISA KEV catalog (canonical)