CVE-2021-1789

Warnung

EPSS 0.37%
Veröffentlicht 02.04.2021 18:15:21
Zuletzt bearbeitet 28.02.2025 14:44:48
Quelle product-security@apple.com
Teams Watchlist Login
Unerledigt Login

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Betroffene Produkte Warnungen 1 Metriken 4 CWE 1 Referenzen 11

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Apple ≫ iPadOS Version < 14.4

Apple ≫ iPhone OS Version < 14.4

Apple ≫ macOS X Version >= 10.14 < 10.14.6

Apple ≫ macOS X Version >= 10.15 < 10.15.7

Apple ≫ macOS X Version10.14.6 Update-

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-004

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-005

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-006

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2019-007

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-001

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-002

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-003

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-004

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-005

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-006

Apple ≫ macOS X Version10.14.6 Updatesecurity_update_2020-007

Apple ≫ macOS X Version10.14.6 Updatesupplemental_update

Apple ≫ macOS X Version10.14.6 Updatesupplemental_update_2

Apple ≫ macOS X Version10.15.7 Update-

Apple ≫ macOS X Version10.15.7 Updatesupplemental_update

Apple ≫ macOS Version >= 11.0 < 11.2

Apple ≫ tvOS Version < 14.4

Apple ≫ watchOS Version < 7.3

Fedoraproject ≫ Fedora Version32

Fedoraproject ≫ Fedora Version33

Webkitgtk ≫ Webkitgtk Version < 2.30.6

04.05.2022: CISA Known Exploited Vulnerabilities (KEV) Catalog

Apple Multiple Products Type Confusion Vulnerability

Schwachstelle

A type confusion issue affecting multiple Apple products allows processing of maliciously crafted web content, leading to arbitrary code execution.

Beschreibung

Apply updates per vendor instructions.

Erforderliche Maßnahmen

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.37%	0.582

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvd@nist.gov	6.8	8.6	6.4	AV:N/AC:M/Au:N/C:P/I:P/A:P
134c704f-9b21-4f2e-91b3-4a467353bcc0	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

CWE-843 Access of Resource Using Incompatible Type ('Type Confusion')

The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

https://security.gentoo.org/glsa/202104-03

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/

Mailing List

https://support.apple.com/en-us/HT212147

Vendor Advisory

Release Notes

https://support.apple.com/en-us/HT212146

Vendor Advisory

Release Notes