CVE-2021-1879

Published: Apr 2, 2021Modified: Oct 23, 2025CISA KEV

6.1

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Exploitability: 2.8 / Impact: 2.7

Source: NVD

Description

This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..

Affected (4)

Products: Apple: Ipados, Iphone Os, Watchos

3 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 14.4.2
Apple Iphone Os	Before 12.5.2
Apple Iphone Os	From 13.0 to 14.4.2
Apple Watchos	Before 7.3.3

Related CWEs

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

The product does not neutralize or incorrectly neutralizes user-controllable input before it is placed in output that is used as a web page that is served to other users.

References (7)

https://support.apple.com/en-us/HT212256

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212257

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212258

Source: product-security@apple.com

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212256

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212257

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://support.apple.com/en-us/HT212258

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesVendor Advisory

https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1879

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

US Government Resource

Timeline

No history available yet.