https://support.apple.com/en-us/HT212146

https://support.apple.com/en-us/HT212152

https://support.apple.com/en-us/HT212149

https://support.apple.com/en-us/HT212147

https://support.apple.com/en-us/HT212148

FEDORA-2021-864dc37032

FEDORA-2021-619711d709

GLSA-202104-03

The remote Oracle Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2021-4381 advisory.

  - A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit     WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. (CVE-2020-13558)

  - Libraw before 0.20.1 has a stack buffer overflow via LibRaw::identify_process_dng_fields in identify.cpp.
    (CVE-2020-24870)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur     11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes     12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
    (CVE-2020-27918)

  - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big     Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS     14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on     arbitrary servers. (CVE-2021-1799)

  - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4     and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)

  - A logic issue was addressed with improved state management. This issue is fixed in tvOS 14.6, iOS 14.6 and     iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing maliciously crafted web content     may lead to universal cross site scripting. (CVE-2021-30689)

  - This issue was addressed with improved checks. This issue is fixed in iOS 14.7, Safari 14.1.2, macOS Big     Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to code execution.
    (CVE-2021-30797)

  - autoar-extractor.c in GNOME gnome-autoar through 0.2.4, as used by GNOME Shell, Nautilus, and other     software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent     is a symlink to a directory outside of the intended extraction location. (CVE-2020-36241)

  - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.7,     Safari 14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may     lead to arbitrary code execution. (CVE-2021-30795)

  - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content     may violate iframe sandboxing policy. (CVE-2021-1765)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4     and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code     execution. (CVE-2021-1788)

  - A use-after-free vulnerability exists in the way certain events are processed for ImageLoader objects of     Webkit WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further     memory corruption. In order to trigger the vulnerability, a victim must be tricked into visiting a     malicious webpage. (CVE-2021-21775)

  - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2,     Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote     attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may     have been actively exploited.. (CVE-2021-1870, CVE-2021-1871)

  - A use-after-free vulnerability exists in the way Webkit's GraphicsContext handles certain events in     WebKitGTK 2.30.4. A specially crafted web page can lead to a potential information leak and further memory     corruption. A victim must be tricked into visiting a malicious web page to trigger this vulnerability.
    (CVE-2021-21779)

  - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.3 x64. A specially     crafted HTML web page can cause a use-after-free condition, resulting in remote code execution. The victim     needs to visit a malicious web site to trigger the vulnerability. (CVE-2021-21806)

  - autoar-extractor.c in GNOME gnome-autoar before 0.3.1, as used by GNOME Shell, Nautilus, and other     software, allows Directory Traversal during extraction because it lacks a check of whether a file's parent     is a symlink in certain complex situations. NOTE: this issue exists because of an incomplete fix for     CVE-2020-36241. (CVE-2021-28650)

  - Clear History and Website Data did not clear the history. The issue was addressed with improved data     deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update     2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing     history. (CVE-2020-29623)

  - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4     and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code     execution. (CVE-2021-1789)

  - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and     iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)

  - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in iOS     14.7, macOS Big Sur 11.5, Security Update 2021-004 Catalina, Security Update 2021-005 Mojave. Processing     maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30799)

  - Multiple memory corruption issues were addressed with improved memory handling. This issue is fixed in     tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. Processing     maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-30734, CVE-2021-30749)

  - Description: A cross-origin issue with iframe elements was addressed with improved tracking of security     origins. This issue is fixed in tvOS 14.6, iOS 14.6 and iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4,     watchOS 7.5. Processing maliciously crafted web content may lead to universal cross site scripting.
    (CVE-2021-30744)

  - An integer overflow was addressed with improved input validation. This issue is fixed in iOS 14.5.1 and     iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, Safari 14.1.1, macOS Big Sur 11.3.1. Processing maliciously crafted     web content may lead to arbitrary code execution. (CVE-2021-30663)

  - A memory corruption issue was addressed with improved state management. This issue is fixed in watchOS     7.4.1, iOS 14.5.1 and iPadOS 14.5.1, tvOS 14.6, iOS 12.5.3, macOS Big Sur 11.3.1. Processing maliciously     crafted web content may lead to arbitrary code execution. Apple is aware of a report that this issue may     have been actively exploited.. (CVE-2021-30665)

  - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and     iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious application may be able to leak     sensitive user information. (CVE-2021-30682)

  - A logic issue was addressed with improved restrictions. This issue is fixed in tvOS 14.6, iOS 14.6 and     iPadOS 14.6, Safari 14.1.1, macOS Big Sur 11.4, watchOS 7.5. A malicious website may be able to access     restricted ports on arbitrary servers. (CVE-2021-30720)

  - A type confusion issue was addressed with improved state handling. This issue is fixed in iOS 14.7, Safari     14.1.2, macOS Big Sur 11.5, watchOS 7.6, tvOS 14.7. Processing maliciously crafted web content may lead to     arbitrary code execution. (CVE-2021-30758)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:4381 advisory.

  - webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution     (CVE-2020-13558)

  - LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)

  - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918, CVE-2021-1788,     CVE-2021-30795)

  - webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)

  - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the     destination directory (incomplete  fix) (CVE-2020-36241)

  - webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765, CVE-2021-1801)

  - webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)

  - webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)

  - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)

  - webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870, CVE-2021-1871)

  - webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and     possibly code execution (CVE-2021-21775)

  - webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code     execution (CVE-2021-21779)

  - webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)

  - gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination     directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)

  - webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)

  - webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)

  - webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)

  - webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)

  - webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)

  - webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734, CVE-2021-30749,     CVE-2021-30799)

  - webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack     (CVE-2021-30744)

  - webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)

  - webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote CentOS Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the CESA-2021:4381 advisory.

  - webkitgtk: Use-after-free in AudioSourceProviderGStreamer leading to arbitrary code execution     (CVE-2020-13558)

  - LibRaw: Stack buffer overflow in LibRaw::identify_process_dng_fields() in identify.cpp (CVE-2020-24870)

  - webkitgtk: Use-after-free leading to arbitrary code execution (CVE-2020-27918, CVE-2021-1788,     CVE-2021-30795)

  - webkitgtk: User may be unable to fully delete browsing history (CVE-2020-29623)

  - CVE-2021-28650 gnome-autoar: Directory traversal via directory symbolic links pointing outside of the     destination directory (incomplete  fix) (CVE-2020-36241)

  - webkitgtk: IFrame sandboxing policy violation (CVE-2021-1765, CVE-2021-1801)

  - webkitgtk: Type confusion issue leading to arbitrary code execution (CVE-2021-1789)

  - webkitgtk: Access to restricted ports on arbitrary servers via port redirection (CVE-2021-1799)

  - webkitgtk: Memory corruption issue leading to arbitrary code execution (CVE-2021-1844)

  - webkitgtk: Logic issue leading to arbitrary code execution (CVE-2021-1870, CVE-2021-1871)

  - webkitgtk: Use-after-free in ImageLoader dispatchPendingErrorEvent leading to information leak and     possibly code execution (CVE-2021-21775)

  - webkitgtk: Use-after-free in WebCore::GraphicsContext leading to information leak and possibly code     execution (CVE-2021-21779)

  - webkitgtk: Use-after-free in fireEventListeners leading to arbitrary code execution (CVE-2021-21806)

  - gnome-autoar: Directory traversal via directory symbolic links pointing outside of the destination     directory (incomplete CVE-2020-36241 fix) (CVE-2021-28650)

  - webkitgtk: Integer overflow leading to arbitrary code execution (CVE-2021-30663)

  - webkitgtk: Memory corruption leading to arbitrary code execution (CVE-2021-30665)

  - webkitgtk: Logic issue leading to leak of sensitive user information (CVE-2021-30682)

  - webkitgtk: Logic issue leading to universal cross site scripting attack (CVE-2021-30689)

  - webkitgtk: Logic issue allowing access to restricted ports on arbitrary servers (CVE-2021-30720)

  - webkitgtk: Memory corruptions leading to arbitrary code execution (CVE-2021-30734, CVE-2021-30749,     CVE-2021-30799)

  - webkitgtk: Cross-origin issue with iframe elements leading to universal cross site scripting attack     (CVE-2021-30744)

  - webkitgtk: Type confusion leading to arbitrary code execution (CVE-2021-30758)

  - webkitgtk: Insufficient checks leading to arbitrary code execution (CVE-2021-30797)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote SUSE Linux SLED12 / SLES12 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2021:1990-1 advisory.

  - A code execution vulnerability exists in the WebSocket functionality of Webkit WebKitGTK 2.30.0. A     specially crafted web page can trigger a use-after-free vulnerability which can lead to remote code     execution. An attacker can get a user to visit a webpage to trigger this vulnerability. (CVE-2020-13543)

  - A code execution vulnerability exists in the AudioSourceProviderGStreamer functionality of Webkit     WebKitGTK 2.30.1. A specially crafted web page can lead to a use after free. (CVE-2020-13558)

  - An exploitable use-after-free vulnerability exists in WebKitGTK browser version 2.30.1 x64. A specially     crafted HTML web page can cause a use-after-free condition, resulting in a remote code execution. The     victim needs to visit a malicious web site to trigger this vulnerability. (CVE-2020-13584)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur     11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes     12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
    (CVE-2020-27918)

  - Clear History and Website Data did not clear the history. The issue was addressed with improved data     deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update     2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing     history. (CVE-2020-29623)

  - A use after free issue was addressed with improved memory management. This issue is fixed in watchOS 7.0,     iOS 14.0 and iPadOS 14.0, iTunes for Windows 12.10.9, iCloud for Windows 11.5, tvOS 14.0, Safari 14.0.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9947)

  - A type confusion issue was addressed with improved memory handling. This issue is fixed in Safari 14.0.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9948)

  - A use after free issue was addressed with improved memory management. This issue is fixed in Safari 14.0.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2020-9951)

  - An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in Safari     14.0. Processing maliciously crafted web content may lead to code execution. (CVE-2020-9983)

  - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content     may violate iframe sandboxing policy. (CVE-2021-1765)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4     and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code     execution. (CVE-2021-1788)

  - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4     and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code     execution. (CVE-2021-1789)

  - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big     Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS     14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on     arbitrary servers. (CVE-2021-1799)

  - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4     and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)

  - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and     iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)

  - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2,     Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote     attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may     have been actively exploited.. (CVE-2021-1870, CVE-2021-1871)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

This update for webkit2gtk3 fixes the following issues :

  - Update to version 2.32.0 (bsc#1184155) :

  - Fix the authentication request port when URL omits the     port.

  - Fix iframe scrolling when main frame is scrolled in     async

  - scrolling mode.

  - Stop using g_memdup.

  - Show a warning message when overriding signal handler     for

  - threading suspension.

  - Fix the build on RISC-V with GCC 11.

  - Fix several crashes and rendering issues.

  - Security fixes: CVE-2021-1788, CVE-2021-1844,     CVE-2021-1871

  - Update in version 2.30.6 (bsc#1184262) :

  - Update user agent quirks again for Google Docs and     Google Drive.

  - Fix several crashes and rendering issues.

  - Security fixes: CVE-2020-27918, CVE-2020-29623,     CVE-2021-1765 CVE-2021-1789, CVE-2021-1799,     CVE-2021-1801, CVE-2021-1870.

  - Update _constraints for armv6/armv7 (bsc#1182719)

  - restore NPAPI plugin support which was removed in 2.32.0

This update was imported from the SUSE:SLE-15-SP2:Update update project.

This update for webkit2gtk3 fixes the following issues :

Update to version 2.32.0 (bsc#1184155) :

  - Fix the authentication request port when URL omits the     port.

  - Fix iframe scrolling when main frame is scrolled in     async

  - scrolling mode.

  - Stop using g_memdup.

  - Show a warning message when overriding signal handler     for

  - threading suspension.

  - Fix the build on RISC-V with GCC 11.

  - Fix several crashes and rendering issues.

  - Security fixes: CVE-2021-1788, CVE-2021-1844,     CVE-2021-1871

Update in version 2.30.6 (bsc#1184262) :

  - Update user agent quirks again for Google Docs and     Google Drive.

  - Fix several crashes and rendering issues.

  - Security fixes: CVE-2020-27918, CVE-2020-29623,     CVE-2021-1765 CVE-2021-1789, CVE-2021-1799,     CVE-2021-1801, CVE-2021-1870.

Update _constraints for armv6/armv7 (bsc#1182719)

restore NPAPI plugin support which was removed in 2.32.0

Note that Tenable Network Security has extracted the preceding description block directly from the SUSE security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

The remote host is affected by the vulnerability described in GLSA-202104-03 (WebkitGTK+: Multiple vulnerabilities)

    Multiple vulnerabilities have been discovered in WebkitGTK+. Please       review the CVE identifiers referenced below for details.
  Impact :

    An attacker, by enticing a user to visit maliciously crafted web       content, may be able to execute arbitrary code, violate iframe sandboxing       policy, access restricted ports on arbitrary servers, cause memory       corruption, or could cause a Denial of Service condition.
  Workaround :

    There is no known workaround at this time.

The remote Ubuntu 18.04 LTS / 20.04 LTS / 20.10 host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-4894-1 advisory.

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur     11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes     12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
    (CVE-2020-27918)

  - Clear History and Website Data did not clear the history. The issue was addressed with improved data     deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update     2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing     history. (CVE-2020-29623)

  - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content     may violate iframe sandboxing policy. (CVE-2021-1765)

  - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4     and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code     execution. (CVE-2021-1789)

  - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big     Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS     14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on     arbitrary servers. (CVE-2021-1799)

  - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4     and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)

  - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2,     Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote     attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may     have been actively exploited.. (CVE-2021-1870)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 32 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-619711d709 advisory.

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur     11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes     12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
    (CVE-2020-27918)

  - Clear History and Website Data did not clear the history. The issue was addressed with improved data     deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update     2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing     history. (CVE-2020-29623)

  - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content     may violate iframe sandboxing policy. (CVE-2021-1765)

  - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4     and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code     execution. (CVE-2021-1789)

  - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big     Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS     14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on     arbitrary servers. (CVE-2021-1799)

  - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4     and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)

  - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2,     Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote     attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may     have been actively exploited.. (CVE-2021-1870)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-864dc37032 advisory.

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur     11.0.1, watchOS 7.1, iOS 14.2 and iPadOS 14.2, iCloud for Windows 11.5, Safari 14.0.1, tvOS 14.2, iTunes     12.11 for Windows. Processing maliciously crafted web content may lead to arbitrary code execution.
    (CVE-2020-27918)

  - Clear History and Website Data did not clear the history. The issue was addressed with improved data     deletion. This issue is fixed in macOS Big Sur 11.1, Security Update 2020-001 Catalina, Security Update     2020-007 Mojave, iOS 14.3 and iPadOS 14.3, tvOS 14.3. A user may be unable to fully delete browsing     history. (CVE-2020-29623)

  - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content     may violate iframe sandboxing policy. (CVE-2021-1765)

  - A use after free issue was addressed with improved memory management. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4     and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code     execution. (CVE-2021-1788)

  - A type confusion issue was addressed with improved state handling. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4     and iPadOS 14.4, Safari 14.0.3. Processing maliciously crafted web content may lead to arbitrary code     execution. (CVE-2021-1789)

  - A port redirection issue was addressed with additional port validation. This issue is fixed in macOS Big     Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS     14.4 and iPadOS 14.4, Safari 14.0.3. A malicious website may be able to access restricted ports on     arbitrary servers. (CVE-2021-1799)

  - This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur     11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4     and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy. (CVE-2021-1801)

  - A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and     iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3.
    Processing maliciously crafted web content may lead to arbitrary code execution. (CVE-2021-1844)

  - A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2,     Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote     attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may     have been actively exploited.. (CVE-2021-1870, CVE-2021-1871)

Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number.

The following vulnerabilities have been discovered in the webkit2gtk web engine :

  - CVE-2020-27918     Liu Long discovered that processing maliciously crafted     web content may lead to arbitrary code execution.

  - CVE-2020-29623     Simon Hunt discovered that users may be unable to fully     delete their browsing history under some circumstances.

  - CVE-2021-1765     Eliya Stein discovered that maliciously crafted web     content may violate iframe sandboxing policy.

  - CVE-2021-1789     @S0rryMybad discovered that processing maliciously     crafted web content may lead to arbitrary code     execution.

  - CVE-2021-1799     Gregory Vishnepolsky, Ben Seri and Samy Kamkar     discovered that a malicious website may be able to     access restricted ports on arbitrary servers.

  - CVE-2021-1801     Eliya Stein discovered that processing maliciously     crafted web content may lead to arbitrary code     execution.

  - CVE-2021-1870     An anonymous researcher discovered that processing     maliciously crafted web content may lead to arbitrary     code execution.

The remote host is running a version of macOS / Mac OS X that is 10.14.x prior to 10.14.6 Security Update 2021-001 Mojave, 10.15.x prior to 10.15.7 Security Update 2021-001 Catalina, or 11.x prior to 11.2. It is, therefore, affected by multiple vulnerabilities, including the following:

  - A logic issue existed resulting in memory corruption. This was addressed with improved state management.
    An application may be able to execute arbitrary code with kernel privileges. (CVE-2020-27904)

  - A logic issue existed that allowed applications to execute arbitrary code with kernel privileges.
    (CVE-2021-1750)

  - An out-of-bounds-write caused by improper input validation allowed maliciously crafted USD files to     unexpectedly terminate an application or cause arbitrary code execution. (CVE-2021-1762)

Note that Nessus has not tested for this issue but has instead relied only on the operating system's self-reported version number.

The version of Apple iOS running on the mobile device is prior to 14.4. It is, therefore, affected by multiple vulnerabilities.

ID	Name	Product	Family	Severity
155421	Oracle Linux 8 : GNOME (ELSA-2021-4381)	Nessus	Oracle Linux Local Security Checks	high
155153	RHEL 8 : GNOME (RHSA-2021:4381)	Nessus	Red Hat Local Security Checks	high
155097	CentOS 8 : GNOME (CESA-2021:4381)	Nessus	CentOS Local Security Checks	high
150913	SUSE SLED12 / SLES12 Security Update : webkit2gtk3 (SUSE-SU-2021:1990-1)	Nessus	SuSE Local Security Checks	critical
149570	openSUSE Security Update : webkit2gtk3 (openSUSE-2021-637)	Nessus	SuSE Local Security Checks	critical
149278	SUSE SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:1499-1)	Nessus	SuSE Local Security Checks	critical
149222	GLSA-202104-03 : WebkitGTK+: Multiple vulnerabilities	Nessus	Gentoo Local Security Checks	critical
149203	SUSE SLED15 / SLES15 Security Update : webkit2gtk3 (SUSE-SU-2021:1430-1)	Nessus	SuSE Local Security Checks	critical
148891	Ubuntu 18.04 LTS / 20.04 LTS / 20.10 : WebKitGTK vulnerabilities (USN-4894-1)	Nessus	Ubuntu Local Security Checks	critical
148804	Fedora 32 : webkit2gtk3 (2021-619711d709)	Nessus	Fedora Local Security Checks	critical
148778	Fedora 33 : webkit2gtk3 (2021-864dc37032)	Nessus	Fedora Local Security Checks	critical
148236	Debian DSA-4877-1 : webkit2gtk - security update	Nessus	Debian Local Security Checks	critical
146086	macOS 10.14.x < 10.14.6 Security Update 2021-001 / 10.15.x < 10.15.7 Security Update 2021-001 / macOS 11.x < 11.2 (HT212147)	Nessus	MacOS X Local Security Checks	high
145548	Apple iOS < 14.4 Multiple Vulnerabilities	Nessus	Mobile Devices	high

CVE-2021-1799

medium

New! CVE Severity Now Using CVSS v3

Description

References

Details

Risk Information

CVSS v2

CVSS v3

Vulnerable Software

Configuration 1

Configuration 2

Configuration 3

Tenable Plugins

high

high

high

critical

critical

critical

critical

critical

critical

critical

critical

critical

high

high