PT-2021-13542 · Apple · Ios+3

Codecolorist

Published

2021-04-02

Updated

2021-04-08

CVE-2021-1748

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Apple tvOS versions prior to 14.4 Apple watchOS versions prior to 7.3 Apple iOS versions prior to 14.4 Apple iPadOS versions prior to 14.4

Description: A validation issue was addressed with improved input sanitization. Processing a maliciously crafted URL may lead to arbitrary javascript code execution.

Recommendations: For tvOS versions prior to 14.4, update to tvOS 14.4 to resolve the issue. For watchOS versions prior to 7.3, update to watchOS 7.3 to resolve the issue. For iOS versions prior to 14.4, update to iOS 14.4 to resolve the issue. For iPadOS versions prior to 14.4, update to iPadOS 14.4 to resolve the issue.

Exploit

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

CVE-2021-1748

Affected Products

Ios

Ipados

Tvos

Watchos

PT-2021-13542 · Apple · Ios+3

CVE-2021-1748

Weakness Enumeration

Related Identifiers

Affected Products

References · 7