PT-2021-5774 · Apple+8 · Watchos+15

Published

2021-05-24

·

Updated

2021-11-09

·

CVE-2021-30689

CVSS v3.1

6.1

Medium

VectorAV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N
Name of the Vulnerable Software and Affected Versions Apple iOS versions prior to 14.6 Apple iPadOS versions prior to 14.6 Apple tvOS versions prior to 14.6 Apple Safari versions prior to 14.1.1 Apple macOS Big Sur versions prior to 11.4 Apple watchOS versions prior to 7.5
Description A logic issue was addressed with improved state management. Processing maliciously crafted web content may lead to universal cross site scripting. The issue is related to the WebKit module, which is used for displaying web pages. Exploitation of this issue may allow a remote attacker to impact data integrity using malicious web content.
Recommendations For Apple iOS versions prior to 14.6, update to iOS 14.6 or later. For Apple iPadOS versions prior to 14.6, update to iPadOS 14.6 or later. For Apple tvOS versions prior to 14.6, update to tvOS 14.6 or later. For Apple Safari versions prior to 14.1.1, update to Safari 14.1.1 or later. For Apple macOS Big Sur versions prior to 11.4, update to macOS Big Sur 11.4 or later. For Apple watchOS versions prior to 7.5, update to watchOS 7.5 or later.

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALSA-2021:4381
BDU:2022-00223
CESA-2021_4381
CVE-2021-30689
DSA-4945-1
MGASA-2021-0400
OPENSUSE-SU-2021:1101-1
OPENSUSE-SU-2021:2598-1
OPENSUSE-SU-2021_1101-1
OPENSUSE-SU-2021_2598-1
RHSA-2021:4381
RHSA-2021_4381
RHSA-2025:10364
RLSA-2021:4381
SUSE-SU-2021:2598-1
SUSE-SU-2021:2600-1
SUSE-SU-2021:2762-1
USN-5024-1

Affected Products

Almalinux
Astra Linux
Centos
Linuxmint
Apple Macos
Red Hat
Rocky Linux
Safari
Suse
Ubuntu
Webkit
Ios
Ipados
Macos Big Sur
Tvos
Watchos