CVE-2021-1789
published 2021-04-02


Priority: P1 / 85 / high
CVSS 3.1: 8.8 (AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H)
Tags: KEV, ITW
CISA Known Exploited Vulnerability, due 2022-05-25
Exploited in the wild
EPSS: 14.54% (96.2th percentile)
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Affected

21 ranges

Vendor | Product | Version range | Fixed in
apple | ios_14.4_and_ipados | | 
apple | ios_and_ipados | >= unspecified < 14.4 | 14.4
apple | ipados | < 14.4 | 14.4
apple | iphone_os | < 14.4 | 14.4
apple | mac_os_x | | 
apple | mac_os_x | | 
apple | mac_os_x | >= 10.14 < 10.14.6 | 10.14.6
apple | mac_os_x | >= 10.15 < 10.15.7 | 10.15.7
apple | macos | >= 11.0 < 11.2 | 11.2
apple | macos | >= unspecified < 11.2 | 11.2
apple | macos | >= unspecified < 7.3 | 7.3
apple | macos | >= unspecified < 14.4 | 14.4
apple | macos | >= unspecified < 14.0 | 14.0
apple | macos_big_sur_11.2_security_update_2021-001_catalina_security_update_2021-001_mo | | 
apple | tvos | < 14.4 | 14.4
apple | watchos | < 7.3 | 7.3
debian | webkit2gtk | < webkit2gtk 2.30.6-1 (bookworm) | webkit2gtk 2.30.6-1 (bookworm)
debian | wpewebkit | < webkit2gtk 2.30.6-1 (bookworm) | webkit2gtk 2.30.6-1 (bookworm)
fedoraproject | fedora | | 
fedoraproject | fedora | | 
webkitgtk | webkitgtk | < 2.30.6 | 2.30.6

Detection & IOCs (extracted from sources)

  • Vulnerability is in the WebKit component; trigger vector is processing maliciously crafted web content leading to a type confusion / arbitrary code execution condition
  • Affected component is WebKitGTK and WPE WebKit on Linux platforms in versions prior to 2.30.6; detection should focus on unpatched webkit2gtk3 / webkitgtk3 package versions below this threshold
  • CVE is listed in CISA KEV, confirming active exploitation in the wild; prioritize detection and patching on Apple and Linux WebKit-based browsers/applications
  • Fixed in WebKitGTK/WPE WebKit version 2.30.6-1 across Debian stable/testing/sid branches; systems running earlier versions remain vulnerable
  • Red Hat webkit2gtk3 on RHEL 9 is listed as Not Affected; webkitgtk on RHEL 6 and webkitgtk3 on RHEL 7 are out of support scope and will not receive patches
  • Apple fixed the issue across multiple product lines; unpatched Apple devices (iOS/iPadOS < 14.4, macOS < Big Sur 11.2, Safari < 14.0.3, tvOS < 14.4, watchOS < 7.3) remain exploitable via web browsing

CVSS provenance

Source | Version | Score | Severity | Vector
nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P
osv | | 8.8 | HIGH | 
vulncheck | | 8.8 | HIGH | 
cisa | | 8.8 | HIGH | 
vendor_debian | | 8.8 | HIGH | 
vendor_redhat | | 8.8 | HIGH | 