Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
cveAppleCVE-2021-1879
HistoryApr 02, 2021 - 7:15 p.m.

CVE-2021-1879

2021-04-0219:15:20
CWE-79
apple
web.nvd.nist.gov
971
In Wild
17
cve-2021-1879
object lifetime management
ios 12.5.2
ios 14.4.2
ipados 14.4.2
watchos 7.3.3
universal cross site scripting
actively exploited
nvd

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6

Confidence

High

EPSS

0.002

Percentile

61.2%

JSON

This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited…

Affected configurations

Nvd
Vulners
Node
appleipadosRange<14.4.2
OR
appleiphone_osRange<12.5.2
OR
appleiphone_osRange13.014.4.2
OR
applewatchosRange<7.3.3
VendorProductVersionCPE
appleipados*cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
appleiphone_os*cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
applewatchos*cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*

CNA Affected

[
  {
    "product": "iOS and iPadOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "14.4",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "iOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "12.5",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  },
  {
    "product": "watchOS",
    "vendor": "Apple",
    "versions": [
      {
        "lessThan": "7.3",
        "status": "affected",
        "version": "unspecified",
        "versionType": "custom"
      }
    ]
  }
]

Social References

More

Related

mssecure 1
mmpc 1
prion 1
cvelist 1
thn 7
apple 3
checkpoint_advisories 1
attackerkb 1
malwarebytes 2
cisa_kev 1
nvd 1
threatpost 1
trellix 2
qualysblog 3
googleprojectzero 1
mssecure
mssecure
New sophisticated email-based attack from NOBELIUM
2021-05-28 00:00:50
mmpc
mmpc
New sophisticated email-based attack from NOBELIUM
2021-05-28 00:00:50
prion
prion
Cross site scripting
2021-04-02 19:15:00
cvelist
cvelist
CVE-2021-1879
2021-04-02 18:07:52
thn
thn
SolarWinds Hackers Target Think Tanks With New 'NativeZone' Backdoor
2021-05-28 11:24:00
Google Details iOS, Chrome, IE Zero-Day Flaws Exploited Recently in the Wild
2021-07-15 08:25:00
Russian Hackers Exploit Safari and Chrome Flaws in High-Profile Cyberattack
2024-08-29 15:59:00
apple
apple
About the security content of iOS 12.5.2
2021-03-26 00:00:00
About the security content of watchOS 7.3.3
2021-03-26 00:00:00
About the security content of iOS 14.4.2 and iPadOS 14.4.2
2021-03-26 00:00:00
checkpoint_advisories
checkpoint_advisories
Apple WebKit Use After Free (CVE-2021-1879)
2021-07-26 00:00:00
attackerkb
attackerkb
CVE-2021-1879
2021-04-02 00:00:00
malwarebytes
malwarebytes
SolarWinds attackers launch new campaign
2021-05-28 14:24:01
Update now! Apple patches another privilege escalation bug in iOS and iPadOS
2021-10-12 16:07:53
cisa_kev
cisa_kev
Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability
2021-11-03 00:00:00
nvd
nvd
CVE-2021-1879
2021-04-02 19:15:20
threatpost
threatpost
Safari Zero-Day Used in Malicious LinkedIn Campaign
2021-07-15 11:04:49
trellix
trellix
The Bug Report – April 2023 Edition
2023-05-03 00:00:00
The Bug Report – April 2023 Edition
2023-05-03 00:00:00
qualysblog
qualysblog
Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices
2021-10-18 07:41:18
Protect your Devices from Pegasus Spyware using VMDR for Mobile Devices’ Proactive Approach
2021-07-23 16:31:38
Qualys Response to CISA Alert: Binding Operational Directive 22-01
2021-11-09 06:15:01
googleprojectzero
googleprojectzero
The More You Know, The More You Know You Don’t Know
2022-04-19 00:00:00

CVSS2

4.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

CVSS3

6.1

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

REQUIRED

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

AI Score

6

Confidence

High

EPSS

0.002

Percentile

61.2%

JSON
Related for CVE-2021-1879
mssecure1mmpc1prion1cvelist1thn7apple3checkpoint_advisories1attackerkb1malwarebytes2cisa_kev1nvd1threatpost1trellix2qualysblog3googleprojectzero1