Detections
Analytics
Apple iOS < 14.4.2 XSS (HT212256)
medium Nessus Plugin ID 148263
Language:
Synopsis
The version of Apple iOS running on the mobile device is missing a vendor-supplied patch.Description
The version of Apple iOS running on the mobile device is prior to 14.4.2. It is, therefore, affected by a cross-site scripting (XSS) vulnerability in its WebKit component due to improper validation of user-supplied input before returning it to users. An unauthenticated, remote attacker can exploit this, by convincing a user to click a specially crafted URL, to execute arbitrary script code in a user's browser session.Solution
Upgrade to Apple iOS version 14.4.2 or laterSee Also
Plugin Details
Severity: Medium
ID: 148263
File Name: apple_ios_1442_check.nbin
Version: 1.35
Type: local
Family: Mobile Devices
Published: 4/1/2021
Updated: 4/8/2024
Supported Sensors: Nessus
Risk Information
VPR
Risk Factor: Medium
Score: 4.6
CVSS v2
Risk Factor: Medium
Base Score: 4.3
Temporal Score: 3.7
Vector: CVSS2#AV:N/AC:M/Au:N/C:N/I:P/A:N
CVSS Score Source: CVE-2021-1879
CVSS v3
Risk Factor: Medium
Base Score: 6.1
Temporal Score: 5.8
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Temporal Vector: CVSS:3.0/E:H/RL:O/RC:C
Vulnerability Information
CPE: cpe:/o:apple:iphone_os
Required KB Items: mdm/dependency/unlocked
Exploit Available: true
Exploit Ease: Exploits are available
Patch Publication Date: 3/26/2021
Vulnerability Publication Date: 3/26/2021
CISA Known Exploited Vulnerability Due Dates: 11/17/2021
Reference Information
CVE: CVE-2021-1879
APPLE-SA: APPLE-SA-2021-03-26-1, HT212256
IAVA: 2021-A-0153-S