← Back to CVEs

CVE-2021-1879

MEDIUMCISA KEV

6.1

Description

This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..

CVE Details

CVSS v3.1 Score6.1

SeverityMEDIUM

CVSS VectorCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Attack VectorNETWORK

ComplexityLOW

Privileges RequiredNONE

User InteractionREQUIRED

Published4/2/2021

Last Modified10/23/2025

Sourcekev

Honeypot Sightings0

CISA KEV

VendorApple

ProductiOS, iPadOS, and watchOS

Vulnerability NameApple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability

KEV Date Added2021-11-03

Remediation Due Date2021-11-17

Ransomware UseUnknown

Affected Products

apple:ipadosapple:iphone_osapple:watchos

Weaknesses (CWE)

CWE-79CWE-79

References

https://support.apple.com/en-us/HT212256(product-security@apple.com)

https://support.apple.com/en-us/HT212257(product-security@apple.com)

https://support.apple.com/en-us/HT212258(product-security@apple.com)

https://support.apple.com/en-us/HT212256(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT212257(af854a3a-2127-422b-91ae-364da2661108)

https://support.apple.com/en-us/HT212258(af854a3a-2127-422b-91ae-364da2661108)

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1879(134c704f-9b21-4f2e-91b3-4a467353bcc0)

IOC Correlations

No correlations recorded

This product uses data from the NVD API but is not endorsed or certified by the NVD.