CVE-2021-1788high
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code execution.
References
https://support.apple.com/en-us/HT212146
https://support.apple.com/en-us/HT212152
https://support.apple.com/en-us/HT212149
https://support.apple.com/en-us/HT212147
Details
Source: MITRE
Published: 2021-04-02
Updated: 2021-05-31
Type: CWE-416
Risk Information
CVSS v2
Base Score: 6.8
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Impact Score: 6.4
Exploitability Score: 8.6
Severity: MEDIUM
CVSS v3
Base Score: 8.8
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Impact Score: 5.9
Exploitability Score: 2.8
Severity: HIGH
Vulnerable Software
Configuration 1
OR
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:-:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-004:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-005:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-006:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2019-007:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-002:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-003:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-004:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-005:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-006:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:supplemental_update_2:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.14.6:security_update_2020-007:*:*:*:*:*:*
cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*
Configuration 2
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 155421 | Oracle Linux 8 : GNOME (ELSA-2021-4381) | Nessus | Oracle Linux Local Security Checks | high |
| 155153 | RHEL 8 : GNOME (RHSA-2021:4381) | Nessus | Red Hat Local Security Checks | high |
| 155097 | CentOS 8 : GNOME (CESA-2021:4381) | Nessus | CentOS Local Security Checks | high |
| 150913 | SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2021:1990-1) | Nessus | SuSE Local Security Checks | critical |
| 150095 | Debian DSA-4923-1 : webkit2gtk - security update | Nessus | Debian Local Security Checks | critical |
| 149570 | openSUSE Security Update : webkit2gtk3 (openSUSE-2021-637) | Nessus | SuSE Local Security Checks | critical |
| 149419 | Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : WebKitGTK vulnerabilities (USN-4939-1) | Nessus | Ubuntu Local Security Checks | critical |
| 149278 | SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:1499-1) | Nessus | SuSE Local Security Checks | critical |
| 149203 | SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:1430-1) | Nessus | SuSE Local Security Checks | critical |
| 148778 | Fedora 33 : webkit2gtk3 (2021-864dc37032) | Nessus | Fedora Local Security Checks | critical |
| 146086 | macOS 10.14.x < 10.14.6 Security Update 2021-001 / 10.15.x < 10.15.7 Security Update 2021-001 / macOS 11.x < 11.2 (HT212147) | Nessus | MacOS X Local Security Checks | high |
| 145548 | Apple iOS < 14.4 Multiple Vulnerabilities | Nessus | Mobile Devices | high |