CVE-2021-1879
published 2021-04-02CVE-2021-1879: This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing…
medium6.1CVSS 3.1
AVNACLPRNUIRSCCLILAN
KEVITW
CISA Known Exploited Vulnerabilitydue 2021-11-17
Exploited in the wild
This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | ios | >= unspecified < 12.5 | 12.5 |
| apple | ios_and_ipados | >= unspecified < 14.4 | 14.4 |
| apple | ipados | < 14.4.2 | 14.4.2 |
| apple | iphone_os | < 12.5.2 | 12.5.2 |
| apple | iphone_os | >= 13.0 < 14.4.2 | 14.4.2 |
| apple | watchos | < 7.3.3 | 7.3.3 |
| apple | watchos | >= unspecified < 7.3 | 7.3 |
CVSS provenance
nvdv3.16.1MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
vulncheck6.1MEDIUM
cisa6.1MEDIUM