PT-2021-6451 · Apple+5 · Macos Big Sur+13

Zhunki

·

Published

2020-11-23

·

Updated

2022-02-17

·

CVE-2021-1825

CVSS v3.1

8.8

High

VectorAV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions iTunes versions prior to 12.11.3 for Windows iCloud for Windows versions prior to 12.3 macOS Big Sur versions prior to 11.3 Safari versions prior to 14.1 watchOS versions prior to 7.4 tvOS versions prior to 14.5 iOS versions prior to 14.5 iPadOS versions prior to 14.5
Description The issue is related to input validation. Processing maliciously crafted web content may lead to a cross-site scripting attack.
Recommendations For iTunes versions prior to 12.11.3 for Windows, update to version 12.11.3 or later. For iCloud for Windows versions prior to 12.3, update to version 12.3 or later. For macOS Big Sur versions prior to 11.3, update to version 11.3 or later. For Safari versions prior to 14.1, update to version 14.1 or later. For watchOS versions prior to 7.4, update to version 7.4 or later. For tvOS versions prior to 14.5, update to version 14.5 or later. For iOS versions prior to 14.5, update to version 14.5 or later. For iPadOS versions prior to 14.5, update to version 14.5 or later.

Exploit

Fix

XSS

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-79

Related Identifiers

ALSA-2021:1586
BDU:2022-01656
CESA-2021_1586
CVE-2021-1825
DSA-4797-1
DSA-4797-2
OPENSUSE-SU-2022:0182-1
OPENSUSE-SU-2022_0182-1
OPENSUSE-SU-2022_0182-2
RHSA-2021:1586
RHSA-2021_1586
RHSA-2025:10364
RLSA-2021:1586
SUSE-SU-2022:0142-1
SUSE-SU-2022:0182-1
SUSE-SU-2022:0182-2
SUSE-SU-2022:0183-1

Affected Products

Almalinux
Centos
Apple Macos
Red Hat
Rocky Linux
Safari
Suse
Icloud
Ios
Ipados
Itunes
Macos Big Sur
Tvos
Watchos