CVE-2021-1879

medium

Description

This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..

References

Exploits
More

https://www.bleepingcomputer.com/news/security/russian-apt29-hackers-use-ios-chrome-exploits-created-by-spyware-vendors/

https://thehackernews.com/2024/08/russian-hackers-exploit-safari-and.html

https://www.tenable.com/cyber-exposure/2021-threat-landscape-retrospective

https://blog.google/threat-analysis-group/how-we-protect-users-0-day-attacks/

https://support.apple.com/en-us/HT212258

https://support.apple.com/en-us/HT212257

https://support.apple.com/en-us/HT212256

Details

Source: Mitre, NVD

Published: 2021-04-02

Updated: 2025-02-28

Known Exploited Vulnerability (KEV)

Risk Information

CVSS v2

Base Score: 4.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N

Severity: Medium

CVSS v3

Base Score: 6.1

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Severity: Medium

EPSS

EPSS: 0.02758