CVE-2021-1789
Published 2021-04-02
Priority: P1 (85) · Severity: high · CVSS 3.1: 8.8
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Flags: KEV · ITW
CISA Known Exploited Vulnerability, remediation due 2022-05-25
Exploited in the wild
EPSS: 14.54% (96.2th percentile)
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Affected (21 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_14.4_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 14.4 | 14.4 |
| apple | ipados | < 14.4 | 14.4 |
| apple | iphone_os | < 14.4 | 14.4 |
| apple | mac_os_x | — | — |
| apple | mac_os_x | — | — |
| apple | mac_os_x | >= 10.14 < 10.14.6 | 10.14.6 |
| apple | mac_os_x | >= 10.15 < 10.15.7 | 10.15.7 |
| apple | macos | >= 11.0 < 11.2 | 11.2 |
| apple | macos | >= unspecified < 11.2 | 11.2 |
| apple | macos | >= unspecified < 7.3 | 7.3 |
| apple | macos | >= unspecified < 14.4 | 14.4 |
| apple | macos | >= unspecified < 14.0 | 14.0 |
| apple | macos_big_sur_11.2_security_update_2021-001_catalina_security_update_2021-001_mo | — | — |
| apple | tvos | < 14.4 | 14.4 |
| apple | watchos | < 7.3 | 7.3 |
| debian | webkit2gtk | < webkit2gtk 2.30.6-1 (bookworm) | webkit2gtk 2.30.6-1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.30.6-1 (bookworm) | webkit2gtk 2.30.6-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| webkitgtk | webkitgtk | < 2.30.6 | 2.30.6 |
Detection & IOCs (extracted from sources)
- Vulnerability is in the WebKit component; trigger vector is processing maliciously crafted web content leading to a type confusion / arbitrary code execution condition.
- Affected component is WebKitGTK and WPE WebKit on Linux platforms in versions prior to 2.30.6; detection should focus on unpatched webkit2gtk3 / webkitgtk3 package versions below this threshold.
- CVE is listed in CISA KEV, confirming active exploitation in the wild; prioritize detection and patching on Apple and Linux WebKit-based browsers/applications.
- Fixed in WebKitGTK/WPE WebKit version 2.30.6-1 across Debian stable/testing/sid branches; systems running earlier versions remain vulnerable.
- Red Hat webkit2gtk3 on RHEL 9 is listed as Not Affected; webkitgtk on RHEL 6 and webkitgtk3 on RHEL 7 are out of support scope and will not receive patches.
- Apple fixed the issue across multiple product lines; unpatched Apple devices (iOS/iPadOS < 14.4, macOS < Big Sur 11.2, Safari < 14.0.3, tvOS < 14.4, watchOS < 7.3) remain exploitable via web browsing.
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 8.8 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| osv | — | 8.8 | HIGH | — |
| vulncheck | — | 8.8 | HIGH | — |
| cisa | — | 8.8 | HIGH | — |
| vendor_debian | — | 8.8 | HIGH | — |
| vendor_redhat | — | 8.8 | HIGH | — |
Red Hat
CVE-2021-47065 [HIGH] CWE-121 kernel: rtw88: Fix array overrun in rtw_get_tx_power_params()
vendor_redhat · 2024-02-29 · CVSS 7.8
In the Linux kernel, the following vulnerability has been resolved:
rtw88: Fix array overrun in rtw_get_tx_power_params()
Using a kernel with the Undefined Behaviour Sanity Checker (UBSAN) enabled, the following array overrun is logged:
```text
UBSAN: array-index-out-of-bounds in /home/finger/wireless-drivers-next/drivers/net/wireless/realtek/rtw88/phy.c:1789:34
index 5 is out of range for type 'u8 [5]'
CPU: 2 PID: 84 Comm: kworker/u16:3 Tainted: G O 5.12.0-rc5-00086-gd88bba47038e-dirty #651
Hardware name: TOSHIBA TECRA A50-A/TECRA A50-A, BIOS Version 4.50 09/29/2014
Workqueue: phy0 ieee80211_scan_work [mac80211]
Call Trace:
 dump_stack+0x64/0x7c
 ubsan_epilogue+0x5/0x40
 __ubsan_handle_out_of_bounds.cold+0x43/0x48
 rtw_get_tx_power_params
```
CISA
CVE-2021-1789 [HIGH] CWE-843 Apple Multiple Products Type Confusion Vulnerability
cisa · 2022-05-04 · CVSS 8.8
Vulnerability: Apple Multiple Products Type Confusion Vulnerability
Affected: Apple Multiple Products
A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-1789
Remediation Due Date: 2022-05-25
Ubuntu
CVE-2021-1765 WebKitGTK vulnerabilities
vendor_ubuntu · 2021-03-29
Title: WebKitGTK vulnerabilities
Summary: Several security issues were fixed in WebKitGTK.
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes.
Red Hat
CVE-2021-1789 [HIGH] CWE-843 webkitgtk: Type confusion issue leading to arbitrary code execution
vendor_redhat · 2021-03-22 · CVSS 8.8
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
A type confusion vulnerability was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. Processing maliciously crafted web content may lead to arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Out of support scope
Package: webkitgtk3 (Red Hat Enterpris
Apple
CVE-2021-1789 [HIGH] macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
vendor_apple · 2021-02-01 · CVSS 8.8
Apple Security Update: About the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
Product: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
CVE: CVE-2021-1789
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved state handling.
Apple
CVE-2021-1789 [HIGH] iOS 14.4 and iPadOS 14.4
vendor_apple · 2021-01-26 · CVSS 8.8
Apple Security Update: About the security content of iOS 14.4 and iPadOS 14.4
Product: iOS 14.4 and iPadOS
Version: 14.4
CVE: CVE-2021-1789
Component: WebKit
Impact: Processing maliciously crafted web content may lead to arbitrary code execution
Description: A type confusion issue was addressed with improved state handling.
Debian
CVE-2021-1789 [HIGH] webkit2gtk - A type confusion issue was addressed with improved state handling. This issue is...
vendor_debian · 2021 · CVSS 8.8
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Scope: local
bookworm: resolved (fixed in 2.30.6-1)
bullseye: resolved (fixed in 2.30.6-1)
forky: resolved (fixed in 2.30.6-1)
sid: resolved (fixed in 2.30.6-1)
trixie: resolved (fixed in 2.30.6-1)
GHSA
CVE-2021-1789 [HIGH] CWE-843 GHSA-c838-pj7m-89q4: A type confusion issue was addressed with improved state handling
ghsa_unreviewed · 2022-05-24
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
OSV
CVE-2021-1789 [HIGH] A type confusion issue was addressed with improved state handling
osv · 2021-04-02 · CVSS 8.8
A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
VulnCheck
CVE-2021-1789 [HIGH] CWE-843 Apple Multiple Products Type Confusion Vulnerability
vulncheck · 2021 · CVSS 8.8
A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.
Affected: Apple Multiple Products
Required Action: Apply updates per vendor instructions.
Exploitation References:
- https://blog.google/threat-analysis-group/analyzing-watering-hole-campaign-using-macos-exploits/
- https://www.welivesecurity.com/2022/01/25/watering-hole-deploys-new-macos-malware-dazzlespy-asia/
- https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
- https://objective-see.org/blog/blog_0x71.html
- https://www.group-ib.com/resources/research-hub/hi-tech-crime-trends-2022/
Remediation Due: 2022-05-25
No detection rules found.
No public exploits indexed.
SentinelOne
7 Ways Threat Actors Deliver macOS Malware in the Enterprise
blogs_sentinelone · 2023-01-09
Our 2022 review of macOS malware revealed that the threats faced by businesses and users running macOS endpoints included an increase in backdoors and cross-platform attack frameworks. Threats like CrateDepression and PyMafka used typosquatting attacks against package repositories to infect users, while ChromeLoader and others like oRAT leveraged malvertising as an infection vector.
However, the infection vector used by many other macOS threats remains unknown. SysJoker, OSX.Gimmick, CloudMensis, Alchimist and the Lazarus-attributed Operation In(ter)ception are just some of those for which researchers still do not know how victims were initially compromised. In these and other cases, researchers happened across the malware either in post-infection analyses or by discovering the samples on
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
- https://security.gentoo.org/glsa/202104-03
- https://support.apple.com/en-us/HT212146
- https://support.apple.com/en-us/HT212147
- https://support.apple.com/en-us/HT212148
- https://support.apple.com/en-us/HT212149
- https://support.apple.com/en-us/HT212152
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1789
Timeline
- 2021-04-02: Published
- 2022-05-04: Added to CISA KEV
- Exploited in the wild