CVE-2021-1870

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

Published: Apr 2, 2021
Updated: Apr 14, 2023
CVE: CVE-2021-1870
Severity: Critical
Exploit:

CVSS v3:

Severity: Critical
Score: 9.8
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2:

Severity: High
Score: 7.5
AV:N/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
apple / mac_os_x	10.15	10.15.7
apple / mac_os_x	10.15.7-supplemental_update	10.15.7-supplemental_update.x
apple / mac_os_x	10.15.7	10.15.7.x
apple / iphone_os	-	14.4
apple / mac_os_x	10.15.7-security_update_2020-001	10.15.7-security_update_2020-001.x
apple / macos	11.0.1	11.2
webkitgtk / webkitgtk	-	2.30.6
fedoraproject / fedora	32	32.x
fedoraproject / fedora	33	33.x
apple / ipados	-	14.4

Vulnerability Database

289,599

CVE-2021-1870