CVE-2021-1870
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
YesDecision
Descriptions
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Se abordó un problema de lógica con unas restricciones mejoradas. Este problema es corregido en macOS Big Sur versión 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS versión 14.4 y iPadOS versión 14.4. Un atacante remoto puede conllevar a una ejecución de código arbitraria. Apple tiene conocimiento de un reporte que indica que este problema puede haber sido explotado activamente.
A logic issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A remote attacker may be able to cause arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2020-12-08 CVE Reserved
- 2021-01-27 CVE Published
- 2021-11-03 Exploited in Wild
- 2021-11-17 KEV Due Date
- 2024-07-27 EPSS Updated
- 2024-08-03 CVE Updated
- ---------- First Exploit
CWE
- CWE-20: Improper Input Validation
CAPEC
References (7)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Apple Search vendor "Apple" | Ipad Os Search vendor "Apple" for product "Ipad Os" | < 14.4 Search vendor "Apple" for product "Ipad Os" and version " < 14.4" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Iphone Os Search vendor "Apple" for product "Iphone Os" | < 14.4 Search vendor "Apple" for product "Iphone Os" and version " < 14.4" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | >= 10.15 < 10.15.7 Search vendor "Apple" for product "Mac Os X" and version " >= 10.15 < 10.15.7" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.15.7 Search vendor "Apple" for product "Mac Os X" and version "10.15.7" | - |
Affected
| ||||||
Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.15.7 Search vendor "Apple" for product "Mac Os X" and version "10.15.7" | security_update_2020-001 |
Affected
| ||||||
Apple Search vendor "Apple" | Mac Os X Search vendor "Apple" for product "Mac Os X" | 10.15.7 Search vendor "Apple" for product "Mac Os X" and version "10.15.7" | supplemental_update |
Affected
| ||||||
Apple Search vendor "Apple" | Macos Search vendor "Apple" for product "Macos" | >= 11.0.1 < 11.2 Search vendor "Apple" for product "Macos" and version " >= 11.0.1 < 11.2" | - |
Affected
| ||||||
Webkitgtk Search vendor "Webkitgtk" | Webkitgtk Search vendor "Webkitgtk" for product "Webkitgtk" | < 2.30.6 Search vendor "Webkitgtk" for product "Webkitgtk" and version " < 2.30.6" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 32 Search vendor "Fedoraproject" for product "Fedora" and version "32" | - |
Affected
| ||||||
Fedoraproject Search vendor "Fedoraproject" | Fedora Search vendor "Fedoraproject" for product "Fedora" | 33 Search vendor "Fedoraproject" for product "Fedora" and version "33" | - |
Affected
|