CVE-2021-1789

Advisory lineage Upstream: 0 Downstream: 11

Downstream

DEBIAN-CVE-2021-1789 DSA-4877-1 OPENSUSE-SU-2021:0637-1 OPENSUSE-SU-2024:11506-1 RHSA-2021:4381 RHSA-2025:10364

Analyzed

Published: 02 Apr 2021, 18:01

Last modified:21 Oct 2025, 23:25

Vulnerability Summary

Overall Risk (default)

medium

35/100

CVSS Score

8.8 HIGH

v3.1 (cve.org)

EPSS Score

0.24% LOW

0% probability 0.00%

KEV

Listed

CISA

1 listing

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

02 Apr 2021, 18:01

Published

Vulnerability first disclosed

04 May 2022, 00:00

Added to CISA KEV

Apple Multiple Products Type Confusion Vulnerability

25 May 2022, 00:00

CISA Remediation Due

Apply updates per vendor instructions.

21 Oct 2025, 23:25

Last Modified

Vulnerability information updated

Description

A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.

CVSS Metrics

v3.1•HIGH•Score: 8.8CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
v2.0•MEDIUM•Score: 6.8AV:N/AC:M/Au:N/C:P/I:P/A:P

EPSS Trends

Current EPSS score: 0.24%• Percentile: 48%

Techniques & Countermeasures

CWE-843•Access of Resource Using Incompatible Type ('Type Confusion')
The product allocates or initializes a resource such as a pointer, object, or variable using one type, but it later accesses that resource using a type that is incompatible with the original type.

Affected Systems

apple•ios and ipados
≥ unspecified, < 14.4
apple•ipados
< 14.4
apple•iphone_os
< 14.4
apple•mac_os_x
≥ 10.14, < 10.14.6 | ≥ 10.15, < 10.15.7 | 10.14.6 | 10.14.6:security_update_2019-004 | 10.14.6:security_update_2019-005 | 10.14.6:security_update_2019-006 | 10.14.6:security_update_2019-007 | 10.14.6:security_update_2020-001 | 10.14.6:security_update_2020-002 | 10.14.6:security_update_2020-003 | 10.14.6:security_update_2020-004 | 10.14.6:security_update_2020-005 | 10.14.6:security_update_2020-006 | 10.14.6:security_update_2020-007 | 10.14.6:supplemental_update | 10.14.6:supplemental_update_2 | 10.15.7 | 10.15.7:supplemental_update
apple•macos
≥ 11.0, < 11.2 | ≥ unspecified, < 11.2 | ≥ unspecified, < 7.3 | ≥ unspecified, < 14.4 | ≥ unspecified, < 14.0
apple•tvos
< 14.4
apple•watchos
< 7.3
fedoraproject•fedora
32 | 33
Unknown•WebKitGTK
< 2.30.6