CVE-2021-1801

Advisory lineage Upstream: 0 Downstream: 10
Modified
Published: 02 Apr 2021, 18:05
Last modified:03 Aug 2024, 16:25

Vulnerability Summary

Overall Risk (default)
medium
26/100
CVSS Score
6.5 MEDIUM
v3.1 (nvd)
EPSS Score
0.25% LOW
0% probability 0.00%
KEV
Not listed
Ransomware
No reports
Public exploits
None found
Dark Web
Not detected

Timeline

02 Apr 2021, 18:05
Published
Vulnerability first disclosed
03 Aug 2024, 16:25
Last Modified
Vulnerability information updated

Description

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.

CVSS Metrics

  • v3.1MEDIUMScore: 6.5CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
  • v2.0MEDIUMScore: 4.3AV:N/AC:M/Au:N/C:N/I:P/A:N

EPSS Trends

Current EPSS score: 0.25% Percentile: 48%

Affected Systems

  • appleios and ipados

    ≥ unspecified, < 14.4

  • appleipad_os

    < 14.4

  • appleiphone_os

    < 14.4

  • applemacos

    ≥ 11.0.1, < 11.2 | ≥ unspecified, < 11.2 | ≥ unspecified, < 7.3 | ≥ unspecified, < 14.4

  • appletvos

    < 14.4

  • applewatchos

    < 7.3

  • fedoraprojectfedora

    32 | 33

  • UnknownWebKitGTK

    < 2.30.6

References (7)