PT-2021-4220 · Apple+9 · Ipados+12

Published

2021-01-26

·

Updated

2025-10-23

·

CVE-2021-1870

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions macOS versions prior to 11.2 Security Update versions prior to 2021-001 Catalina Security Update versions prior to 2021-001 Mojave iOS versions prior to 14.4 iPadOS versions prior to 14.4
Description A logic issue was addressed with improved restrictions, which may allow a remote attacker to cause arbitrary code execution. This issue may have been actively exploited. The vulnerability is related to insufficient input validation in the WebKit module, which is responsible for displaying web pages.
Recommendations For macOS versions prior to 11.2, update to macOS Big Sur 11.2 or later. For Security Update versions prior to 2021-001 Catalina, apply Security Update 2021-001 Catalina or later. For Security Update versions prior to 2021-001 Mojave, apply Security Update 2021-001 Mojave or later. For iOS versions prior to 14.4, update to iOS 14.4 or later. For iPadOS versions prior to 14.4, update to iPadOS 14.4 or later.

Fix

RCE

Weakness Enumeration

CWE-20

Related Identifiers

ALSA-2021:4381
ALSA-2021_4381
ALT-PU-2021-1527
BDU:2021-04824
CESA-2021_4381
CVE-2021-1870
DSA-4877-1
ELSA-2021-4381
MGASA-2021-0181
OPENSUSE-SU-2021:0637-1
OPENSUSE-SU-2021_0637-1
RHSA-2021:4381
RHSA-2021_4381
RHSA-2025:10364
RLSA-2021:4381
RLSA-2021_4381
SUSE-SU-2021:1430-1
SUSE-SU-2021:1499-1
SUSE-SU-2021:1990-1
SUSE-SU-2021_1430-1
SUSE-SU-2021_1499-1
SUSE-SU-2021_1990-1
USN-4894-1

Affected Products

Alt Linux
Almalinux
Astra Linux
Centos
Linuxmint
Apple Macos
Red Hat
Rocky Linux
Suse
Ubuntu
Webkit
Ios
Ipados