CVE-2021-1870
Published 2021-04-02
Priority: P185 · critical · 9.8 (CVSS 3.1)
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Flags: KEV · ITW
CISA Known Exploited Vulnerability, due 2021-11-17
Exploited in the wild
EPSS: 7.92% (94.0th percentile)
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Affected (14 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios_14.4_and_ipados | — | — |
| apple | ios_and_ipados | >= unspecified < 14.4 | 14.4 |
| apple | ipados | < 14.4 | 14.4 |
| apple | iphone_os | < 14.4 | 14.4 |
| apple | mac_os_x | — | — |
| apple | mac_os_x | >= 10.15 < 10.15.7 | 10.15.7 |
| apple | macos | >= 11.0.1 < 11.2 | 11.2 |
| apple | macos | >= unspecified < 11.2 | 11.2 |
| apple | macos_big_sur_11.2_security_update_2021-001_catalina_security_update_2021-001_mo | — | — |
| debian | webkit2gtk | < webkit2gtk 2.30.6-1 (bookworm) | webkit2gtk 2.30.6-1 (bookworm) |
| debian | wpewebkit | < webkit2gtk 2.30.6-1 (bookworm) | webkit2gtk 2.30.6-1 (bookworm) |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| webkitgtk | webkitgtk | < 2.30.6 | 2.30.6 |
Detection & IOCs (extracted from sources)
- CVE-2021-1870 is a logic issue in WebKit (not a memory corruption); detection should focus on anomalous remote code execution originating from WebKit rendering processes rather than typical heap/stack exploitation patterns.
- Flag unpatched WebKitGTK / WPE WebKit instances with versions prior to 2.30.6 on Linux hosts as vulnerable and actively exploitable.
- Apple confirmed in-the-wild exploitation; treat any unpatched Apple device running iOS/iPadOS < 14.4 or macOS < Big Sur 11.2 as actively at risk and prioritize detection/patching.
- Affected WebKitGTK/WPE WebKit versions are strictly those prior to 2.30.6; Red Hat notes webkit2gtk3 on RHEL 9 is NOT affected, and webkitgtk3 on RHEL 7 will not be fixed; scope detection rules accordingly.
- The Debian security tracker classifies scope as 'local' for its packages, which may affect how network-based detection rules are tuned for Debian-derived Linux environments.
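The version thresholds in the bullets above translate directly into an inventory check. The following script is an added example, not code from this page or from any of the vendors quoted on it: it parses package and OS version strings (including Debian's `2.30.6-1` revision suffix), compares them against the fixed releases named in the advisories, and applies Red Hat's RHEL 9 not-affected note. The host names, the inventory lines, the `webkit2gtk` to upstream `webkitgtk` name mapping and the `platform` column are constructed assumptions; macOS Catalina and Mojave are reported as needing a manual Security Update 2021-001 check because their fix is not expressed as an OS version number.

```python
"""Flag inventory entries in the affected ranges for CVE-2021-1870.

Added example (not from the original page). Thresholds come from the
advisories quoted on the page; inventory data and host names are constructed.
"""
import re
from typing import List, Tuple

# Fixed versions quoted in the vendor advisories on this page.
FIXED = {
    "webkitgtk": (2, 30, 6),   # WebKitGTK upstream
    "wpewebkit": (2, 30, 6),   # WPE WebKit upstream
    "ios": (14, 4),
    "ipados": (14, 4),
    "macos": (11, 2),          # Big Sur only; see assess() for older lines
}

# Red Hat's note on this page: webkit2gtk3 on RHEL 9 is not affected.
# The (package, platform) pair is an assumed inventory convention.
NOT_AFFECTED = {("webkit2gtk3", "rhel9")}

# Assumed mapping from distro package names to the upstream project key.
PACKAGE_ALIASES = {"webkit2gtk": "webkitgtk", "webkit2gtk3": "webkitgtk",
                   "webkitgtk3": "webkitgtk", "wpewebkit": "wpewebkit"}


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '2.30.6-1' or '14.4' into a comparable tuple of ints.

    Debian revision ('-1'), '+dfsg' and '~rc' style suffixes are dropped so
    only the upstream version takes part in the comparison.
    """
    core = re.split(r"[-+~]", text, maxsplit=1)[0]
    return tuple(int(p) for p in core.split(".") if p.isdigit())


def assess(product: str, version: str, platform: str = "") -> str:
    """Classify one inventory entry for CVE-2021-1870.

    Returns one of: 'vulnerable', 'fixed', 'not_affected',
    'needs_security_update_check' (macOS 10.x, fixed by a named Security
    Update rather than an OS version bump) or 'out_of_scope'.
    """
    if (product, platform) in NOT_AFFECTED:
        return "not_affected"
    key = PACKAGE_ALIASES.get(product, product)
    fixed = FIXED.get(key)
    if fixed is None:
        return "out_of_scope"
    parsed = parse_version(version)
    if key == "macos" and parsed and parsed[0] < 11:
        # Catalina / Mojave: patch state is "Security Update 2021-001",
        # which a bare version string cannot express.
        return "needs_security_update_check"
    # Tuple comparison treats a shorter prefix as older, so (2, 30) < (2, 30, 6).
    return "vulnerable" if parsed < fixed else "fixed"


def scan(inventory_csv: str) -> List[Tuple[str, str]]:
    """Run assess() over 'host,product,version,platform' lines (constructed format)."""
    results = []
    for line in inventory_csv.splitlines():
        if not line.strip():
            continue
        host, product, version, platform = (line.split(",") + [""])[:4]
        results.append((host, assess(product.strip(), version.strip(), platform.strip())))
    return results


# Constructed sample inventory; hosts and versions are made up.
SAMPLE_INVENTORY = """\
kiosk-01,webkit2gtk,2.30.4-1,debian
kiosk-02,webkit2gtk,2.30.6-1,debian
build-07,webkit2gtk3,2.28.2,rhel9
phone-11,ios,14.3,
phone-12,ipados,14.4,
mac-03,macos,11.1,
mac-04,macos,10.15.7,
"""

if __name__ == "__main__":
    for host, status in scan(SAMPLE_INVENTORY):
        print(f"{host:10s} {status}")
```

The `needs_security_update_check` status is deliberate: a naive `macos < 11.2` rule would mark every fully patched Catalina host as vulnerable, so those entries are handed to a separate check of installed Security Updates rather than being silently flagged or silently cleared.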
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | 2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vulncheck | — | 9.8 | CRITICAL | — |
| cisa | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_redhat | — | 9.8 | CRITICAL | — |
CISA
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
cisa·2021-11-03·CVSS 9.8
CVE-2021-1870 [CRITICAL] CWE-1173 Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Affected: Apple iOS, iPadOS, and macOS
Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required Action: Apply updates per vendor instructions.
Notes: https://nvd.nist.gov/vuln/detail/CVE-2021-1870
Remediation Due Date: 2021-11-17
Ubuntu
WebKitGTK vulnerabilities
vendor_ubuntu·2021-03-29
CVE-2021-1765 WebKitGTK vulnerabilities
Summary: Several security issues were fixed in WebKitGTK.
A large number of security issues were discovered in the WebKitGTK Web and JavaScript engines. If a user were tricked into viewing a malicious website, a remote attacker could exploit a variety of issues related to web browser security, including cross-site scripting attacks, denial of service attacks, and arbitrary code execution.
Instructions: This update uses a new upstream release, which includes additional bug fixes. After a standard system update you need to restart any applications that use WebKitGTK, such as Epiphany, to make all the necessary changes.
Red Hat
webkitgtk: Logic issue leading to arbitrary code execution
vendor_redhat·2021-03-22·CVSS 9.8
CVE-2021-1870 [CRITICAL] CWE-20 webkitgtk: Logic issue leading to arbitrary code execution
A logic issue was found in WebKitGTK and WPE WebKit in versions prior to 2.30.6. A remote attacker may be able to cause arbitrary code execution. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Package: webkitgtk (Red Hat Enterprise Linux 6) - Affected
Package: webkitgtk3 (Red Hat Enterprise Linux 7) - Will not fix
Package: webkit
Apple
CVE-2021-1870: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
vendor_apple·2021-02-01·CVSS 9.8
CVE-2021-1870 [CRITICAL] CVE-2021-1870: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
Apple Security Update: About the security content of macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
Product: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave
CVE: CVE-2021-1870
Component: WebKit
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved restrictions.
Apple
CVE-2021-1870: iOS 14.4 and iPadOS 14.4
vendor_apple·2021-01-26·CVSS 9.8
CVE-2021-1870 [CRITICAL] CVE-2021-1870: iOS 14.4 and iPadOS 14.4
Apple Security Update: About the security content of iOS 14.4 and iPadOS 14.4
Product: iOS 14.4 and iPadOS
Version: 14.4
CVE: CVE-2021-1870
Component: WebKit
Impact: A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.
Description: A logic issue was addressed with improved restrictions.
Debian
CVE-2021-1870: webkit2gtk - A logic issue was addressed with improved restrictions. This issue is fixed in m...
vendor_debian·2021·CVSS 9.8
Scope: local
bookworm: resolved (fixed in 2.30.6-1)
bullseye: resolved (fixed in 2.30.6-1)
forky: resolved (fixed in 2.30.6-1)
sid: resolved (fixed in 2.30.6-1)
trixie: resolved (fixed in 2.30.6-1)
GHSA
GHSA-f8fh-g8mv-p7hh: A logic issue was addressed with improved restrictions
ghsa_unreviewed·2022-05-24
CVE-2021-1870 [CRITICAL] GHSA-f8fh-g8mv-p7hh: A logic issue was addressed with improved restrictions
Project Zero
The More You Know, The More You Know You Don’t Know - Project Zero
project_zero·2022-04-01
CVE-2016-4654 The More You Know, The More You Know You Don’t Know - Project Zero
A Year in Review of 0-days Used In-the-Wild in 2021
Posted by Maddie Stone, Google Project Zero
This is our third annual year in review of 0-days exploited in-the-wild [2020, 2019]. Each year we’ve looked back at all of the detected and disclosed in-the-wild 0-days as a group and synthesized what we think the trends and takeaways are. The goal of this report is not to detail each individual exploit, but instead to analyze the exploits from the year as a group, looking for trends, gaps, lessons learned, successes, etc. If you’re interested in the analysis of individual exploits, please check out our root cause analysis repository.
We perform and share this analysis in order to make 0-day hard. We want it to be more costly, more resource intensive, and overall more difficult for
OSV
CVE-2021-1870: A logic issue was addressed with improved restrictions
osv·2021-04-02·CVSS 9.8
CVE-2021-1870 [CRITICAL] CVE-2021-1870: A logic issue was addressed with improved restrictions
VulnCheck
Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
vulncheck·2021·CVSS 9.8
CVE-2021-1870 [CRITICAL] CWE-1173 Apple iOS, iPadOS, and macOS WebKit Remote Code Execution Vulnerability
Exploitation References: https://docs.google.com/spreadsheets/d/1lkNJ0uQwbeC1ZTRrxdtuPLCIl7mlUreoKfSIgajnSyY/edit; https://support.apple.com/kb/HT212146; https://support.apple.com/kb/HT212147; https://www.cisa.gov/sites/default/files/feeds/known_exploited_vulnerabilities.json
Remediation Due: 2021-11-17
No detection rules found.
No public exploits indexed.
Qualys
Qualys Response to CISA Alert: Binding Operational Directive 22-01
blogs_qualys·2021-11-09
## Overview
On November 3, 2021, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) released a Binding Operational Directive 22-01 , “Reducing the Significant Risk of Known Exploited Vulnerabilities.” This directive recommends urgent and prioritized remediation of the vulnerabilities that adversaries are actively exploiting. It establishes a CISA-managed catalog of known exploited vulnerabilities that carry significant risk to the federal government and establishes requirements for agencies to remediate
Qualys
Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices
blogs_qualys·2021-10-18·CVSS 7.0
[HIGH] Apple fixes zero-day in iOS and iPadOS 15.0.2 emergency release: Detect and Prioritize Vulnerabilities using VMDR for Mobile Devices
Apple recently released iOS and iPadOS 15.0.2 as an emergency security update that addresses one critical zero-day vulnerability, which is exploited in the wild. Qualys recommends that security teams immediately update all devices running iOS and iPadOS to the latest version. "Apple is aware of a report that this issue may have been actively exploited," the company said in security advisories.
This year, Apple has released multiple emergency releases to fix actively exploited vulnerabilities, each time noting that "Apple is aware of a report that this issue may have been actively exploited." Successful exploitation of the vulnerability allows an application to execute arbitrary code with kernel privileges, and spyware like Pegasus can be easily deployed on affected devices, and exploiting other vul
Tenable
CVE-2021-21148: Google Chrome Heap Buffer Overflow Vulnerability Exploited in the Wild
blogs_tenable·2021-02-05·CVSS 8.8
[HIGH] CVE-2021-21148: Google Chrome Heap Buffer Overflow Vulnerability Exploited in the Wild
References
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
- https://security.gentoo.org/glsa/202104-03
- https://support.apple.com/en-us/HT212146
- https://support.apple.com/en-us/HT212147
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1870
Timeline
- 2021-04-02: Published
- 2021-11-03: Added to CISA KEV
- Exploited in the wild