CVE-2021-1765

Description

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.

CVSS Metrics

• v3.1•MEDIUM•Score: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
• v2.0•MEDIUM•Score: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 0.08%• Percentile: 24%

Affected Systems

• apple•mac_os_x

  ≥ 10.14, < 10.14.6 | ≥ 10.15, < 10.15.7 | 10.14.6 | 10.14.6:security_update_2019-004 | 10.14.6:security_update_2019-005 | 10.14.6:security_update_2019-006 | 10.14.6:security_update_2019-007 | 10.14.6:security_update_2020-001 | 10.14.6:security_update_2020-002 | 10.14.6:security_update_2020-003 | 10.14.6:security_update_2020-004 | 10.14.6:security_update_2020-005 | 10.14.6:security_update_2020-006 | 10.14.6:security_update_2020-007 | 10.14.6:supplemental_update | 10.14.6:supplemental_update_2 | 10.15.7 | 10.15.7:supplemental_update

• apple•macos

  ≥ 11.0, < 11.2 | ≥ unspecified, < 11.2

• fedoraproject•fedora

  32 | 33

• Unknown•WebKitGTK

  < 2.30.6

References (4)

• https://support.apple.com/en-us/HT212147
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
• https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
• https://security.gentoo.org/glsa/202104-03