CVE-2021-1857

medium

Description

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information.

References

https://support.apple.com/en-us/HT212321

https://support.apple.com/en-us/HT212319

https://support.apple.com/en-us/HT212327

https://support.apple.com/en-us/HT212317

https://support.apple.com/en-us/HT212325

https://support.apple.com/en-us/HT212326

https://support.apple.com/en-us/HT212323

https://support.apple.com/en-us/HT212324

Details

Source: MITRE

Published: 2021-09-08

Updated: 2021-09-16

Type: CWE-665

Risk Information

CVSS v2

Base Score: 4.3

Vector: AV:N/AC:M/Au:N/C:P/I:N/A:N

Impact Score: 2.9

Exploitability Score: 8.6

Severity: MEDIUM

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N

Impact Score: 3.6

Exploitability Score: 2.8

Severity: MEDIUM