CVE-2021-1765Incorrect Authorization in Apple Macos

CWE-863Incorrect Authorization10 documents9 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 75.81%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Apple MacosApple MAC OS XWebkitgtk+1 more
Timeline
PublishedApr 2
Latest updateMay 24

Description

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:NExploitability: 2.8 | Impact: 3.6

Affected Packages4 packages

CVEListV5apple/macosunspecified11.2
NVDapple/macos11.011.2
NVDapple/mac_os_x10.1410.14.6+3
NVDwebkitgtk/webkitgtk< 2.30.6

Also affects: Fedora 32, 33

🔴Vulnerability Details

5
GHSA
GHSA-872w-fg9q-jgjx: This issue was addressed with improved iframe sandbox enforcement2022-05-24
CVEList
CVE-2021-1765: This issue was addressed with improved iframe sandbox enforcement2021-04-02
OSV
CVE-2021-1765: This issue was addressed with improved iframe sandbox enforcement2021-04-02
VulnCheck
Google Chromium PopupBlocker Security Bypass Vulnerability2021
VulnCheck
Apple macOS iframe Sandbox Enforcement Vulnerability2021

📋Vendor Advisories

4
Ubuntu
WebKitGTK vulnerabilities2021-03-29
Red Hat
webkitgtk: IFrame sandboxing policy violation2021-03-22
Apple
CVE-2021-1765: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave2021-02-01
Debian
CVE-2021-1765: webkit2gtk - This issue was addressed with improved iframe sandbox enforcement. This issue is...2021
CVE-2021-1765 — Incorrect Authorization in Apple Macos | cvebase