Attacker Value
Unknown
CVE-2021-1879
CVE-2021-1879
(Last updated May 16, 2024) ▾
MITRE ATT&CK
Log in to add MITRE ATT&CK tag
Add MITRE ATT&CK tactics and techniques that apply to this CVE.
Description
This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..
Add Assessment
2
Technical Analysis
This is an actively exploited zero-day in the WebKit browser engine affecting iPhone 6s and later models, as well as a slew of iPad models (and some Apple Watch versions, according to the Bleeping Computer article, though Apple’s characteristically sparse advisory makes no mention of the watch). Discovered by Google’s Threat Analysis Group, requires a user to open maliciously crafted web content. Update those iDevices, kids.
CVSS V3 Severity and Metrics
Data provided by the National Vulnerability Database (NVD)
Base Score:
6.1 Medium
Impact Score:
2.7
Exploitability Score:
2.8
Attack Vector (AV):
Network
Attack Complexity (AC):
Low
Privileges Required (PR):
None
User Interaction (UI):
Required
Scope (S):
Changed
Confidentiality (C):
Low
Integrity (I):
Low
Availability (A):
None
General Information
Vendors
- apple
Products
- ipados,
- iphone os,
- watchos
Exploited in the Wild
