PT-2021-7320 · Apple+7 · Watchos+12
Prakash
·
Published
2021-04-13
·
Updated
2023-01-09
·
CVE-2021-30888
CVSS v3.1
7.4
High
| Vector | AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
WPE WebKit versions prior to the fixed version
iOS versions prior to 15.1
iPadOS versions prior to 15.1
macOS Monterey versions prior to 12.0.1
iOS versions prior to 14.8.1
iPadOS versions prior to 14.8.1
tvOS versions prior to 15.1
watchOS versions prior to 8.1
Description
The issue is related to an information leakage problem in the WPE WebKit module, which is connected to the use of open redirects. A malicious website using Content Security Policy reports may be able to leak information via redirect behavior. This could allow a remote attacker to access confidential data.
Recommendations
For WPE WebKit, update to a version that includes the fix for this issue.
For iOS, update to version 15.1 or later.
For iPadOS, update to version 15.1 or later.
For macOS Monterey, update to version 12.0.1 or later.
For iOS, update to version 14.8.1 or later.
For iPadOS, update to version 14.8.1 or later.
For tvOS, update to version 15.1 or later.
For watchOS, update to version 8.1 or later.
Exploit
Fix
Open Redirect
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Astra Linux
Centos
Apple Macos
Red Hat
Rocky Linux
Suse
Ios
Ipados
Macos Monterey
Tvos
Watchos