← Zuruck zu CVEs

CVE-2021-1879

MEDIUMCISA KEV

6.1

Beschreibung

This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..

CVE Details

CVSS v3.1 Bewertung6.1

SchweregradMEDIUM

CVSS VektorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AngriffsvektorNETWORK

KomplexitatLOW

Erforderliche PrivilegienNONE

BenutzerinteraktionREQUIRED

Veroffentlicht4/2/2021

Zuletzt geandert10/23/2025

Quellekev

Honeypot-Sichtungen0

CISA KEV

HerstellerApple

ProduktiOS, iPadOS, and watchOS

SchwachstellennameApple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability

KEV Aufnahmedatum2021-11-03

Behebungsfrist2021-11-17

Ransomware-NutzungUnknown

Betroffene Produkte

apple:ipadosapple:iphone_osapple:watchos

Schwachen (CWE)

CWE-79CWE-79

Referenzen

https://support.apple.com/en-us/HT212256(product-security@apple.com)

https://support.apple.com/en-us/HT212257(product-security@apple.com)

https://support.apple.com/en-us/HT212258(product-security@apple.com)

https://support.apple.com/en-us/HT212256(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT212257(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT212258(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1879(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Korrelationen

Keine Korrelationen erfasst

This product uses data from the NVD API but is not endorsed or certified by the NVD.