CVE-2021-1863

Published: Sep 8, 2021Modified: Jun 17, 2026

2.4

Vector

CVSS:3.1/AV:P/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N

Exploitability: 0.9 / Impact: 1.4

Source: NVD

Description

An issue existed with authenticating the action triggered by an NFC tag. The issue was addressed with improved action authentication. This issue is fixed in iOS 14.5 and iPadOS 14.5. A person with physical access to an iOS device may be able to place phone calls to any phone number.

Affected (2)

Products: Apple: Ipados, Iphone Os

2 products

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 14.5
Apple Iphone Os	Before 14.5

Related CWEs

Improper Authentication

When an actor claims to have a given identity, the product does not prove or insufficiently proves that the claim is correct.

References (2)

https://support.apple.com/en-us/HT212317

Source: product-security@apple.com

Vendor Advisory

https://support.apple.com/en-us/HT212317

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.