CVE-2021-1871

Name
CVE-2021-1871
Description
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
NVD Severity
high
Other trackers
Mailing lists
Exploits
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Vendor Advisory https://support.apple.com/en-us/HT212146
Vendor Advisory https://support.apple.com/en-us/HT212147
Mailing List https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
DEBIAN https://www.debian.org/security/2021/dsa-4923

Match rules

CPE URI Source package Min version Max version
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* ipad_os >= None < 14.4
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* iphone_os >= None < 14.4
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* mac_os_x >= 10.15 < 10.15.7
cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:* mac_os_x == None == 10.15.7
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* macos >= 11.0.1 < 11.2

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
webkit2gtk 3.13-community 2.32.0-r0 Rasmus Thomsen <oss@cogitri.dev> fixed