CVE-2021-30897

Published: Aug 24, 2021Modified: Nov 21, 2024

6.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Exploitability: 2.8 / Impact: 3.6

Source: NVD

Description

An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented. This issue is fixed in macOS Monterey 12.0.1. A malicious website may exfiltrate data cross-origin.

Affected (4)

Products: Apple: Ipados, Iphone Os, Macos, Tvos

4 products

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Apple Ipados	Before 15.0
Apple Iphone Os	Before 15.0
Apple Macos	Before 12.0.1
Apple Tvos	Before 15.0

References (6)

https://support.apple.com/en-us/HT212869

Source: product-security@apple.com

https://support.apple.com/kb/HT212814

Source: product-security@apple.com

https://support.apple.com/kb/HT212815

Source: product-security@apple.com

https://support.apple.com/en-us/HT212869

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT212814

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.apple.com/kb/HT212815

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.