CVE-2021-1871

Published: 02/04/2021 Updated: 31/05/2021
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

A security issue exists in WebKitGTK prior to 2.32.0 and WPE WebKit prior to 2.32.0. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Vulnerable Product

apple ipad os

apple iphone os

apple mac os x

apple mac os x 10.15.7

apple macos

fedoraproject fedora 33

Vendor Advisories

About Apple security updates. For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page. Apple security documents reference vulnerabilities by CVE-ID when possible ...
The following vulnerabilities have been discovered in the webkit2gtk web engine: CVE-2021-1788: Francisco Alonso discovered that processing maliciously crafted web content may lead to arbitrary code execution. CVE-2021-1844: Clement Lecigne and Alison Huffman discovered that processing maliciously crafted web content may lead to arbi ...
A security issue was discovered in WebKitGTK before 2.32.0 and WPE WebKit before 2.32.0. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited. ...

Mailing Lists

APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4. iOS 14.4 and iPadOS 14.4 addresses the following issues. Information about the security content is also available at support.apple.com/HT212146. Kernel. Available for: iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod to ...
WebKitGTK and WPE WebKit Security Advisory WSA-2021-0003. Date reported: March 29, 2021. Advisory ID: WSA-2021-0003. WebKitGTK Advisory URL: webkitgtk.org/s ...
APPLE-SA-2021-02-01-2 Additional information for APPLE-SA-2021-01-26-1 iOS 14.4 and iPadOS 14.4. iOS 14.4 and iPadOS 14.4 addresses the following issues. Information about the security content is also available at support.apple.com/HT212146. Analytics. Available for: iPhone 6s and later, iPad ...
APPLE-SA-2021-02-01-1 macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave addresses the following issues. Information about the security content is also available at supp ...

Github Repositories

CVE-2021-1871
Proof-of-Concept (PoC) script to exploit CVE-2021-1871.
Usage (achieves exploitation of CVE-2021-1871):
chmod +x CVE-2021-1871.sh
sudo ./CVE-2021-1871.sh -c <TargetIP>
sudo ./CVE-2021-1871.sh -l <ListoFIPs>

Recent Articles

Apple Fixes Zero‑Day Security Bugs Under Active Attack
Threatpost • Lisa Vaas • 04 May 2021

Apple has issued out-of-band patches for critical security issues affecting iPad, iPhone and iPod, which could allow remote code execution (RCE) and other attacks, completely compromising users’ systems. And, the computing giant thinks all of them may have already been exploited in the wild. 
Three of these are zero-day flaws, while one is an expanded patch for a fourth vulnerability. 
Apple keeps details of security problems close to the vest, “for our customers’ protection,...

Apple Plugs Severe WebKit Remote Code-Execution Hole
Threatpost • Lindsey O'Donnell • 09 Mar 2021

Apple is rolling out fixes for a high-severity vulnerability in its WebKit browser engine that, if exploited, could allow remote attackers to completely compromise affected systems.
The mobile giant released security updates on Monday for the flaw, for its Safari browser, as well as devices running macOS, watchOS and iOS.
The bug (CVE-2021-1844) ranks 7.7 out of 10 on the CVSS vulnerability-severity scale, making it high-severity. An exploit would allow an attacker to remotely execut...

Apple patches three iOS zero‑days under attack
welivesecurity • 27 Jan 2021

Apple has rolled out an update for its iOS and iPadOS operating systems to patch three zero-day security flaws that are being actively exploited in the wild. The trio of flaws affects various versions of iPhones and iPads and the latest generation of iPod touch.
“Apple is aware of a report that this issue may have been actively exploited,” reads Apple’s security advisory describing each security hole that is being plugged with the release of iOS and iPadOS 14.4.
The list of imp...

Apple emits emergency iOS security updates while warning holes may have been exploited in wild by hackers
The Register • Chris Williams, Editor in Chief • 26 Jan 2021

Plus fixes for iPadOS, tvOS, watchOS, XCode, iCloud for Windows – and a day after Google disclosed Nork op

Apple today released software updates to patch vulnerabilities in iPhones and iPads that may have been exploited by miscreants to silently snoop on victims from afar.
Folks should check for and install the latest version of their iOS, iPadOS, watchOS, and tvOS software. Here's the quick run down of the programming blunders:
CVE-2021-1782: Fixed in iOS 14.4 and iPadOS 14.4, available for iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch (7th generation)....

Apple fixes a iOS zero-day vulnerability actively used in attacks
BleepingComputer • Sergiu Gatlan

Apple has released security updates to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices.
"Apple is aware of a report that this issue may have been actively exploited.," the company
in a security advisory published today.
The vulnerability tracked as
was reported by Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group.
The zero-day was discovered in t...

Apple fixes iOS zero-day vulnerability exploited in the wild
BleepingComputer • Sergiu Gatlan

Apple has released security updates to address an iOS zero-day bug actively exploited in the wild and affecting iPhone, iPad, iPod, and Apple Watch devices.
"Apple is aware of reports that an exploit for this issue exists in the wild," the company
in a security advisory published today.
The vulnerability tracked as
was reported by Clement Lecigne of Google Threat Analysis Group and Billy Leonard of Google Threat Analysis Group.
The zero-day was discovered in th...

Apple fixes macOS zero-day bug exploited by Shlayer malware
BleepingComputer • Sergiu Gatlan

Apple has fixed a zero-day vulnerability in macOS exploited in the wild by Shlayer malware to bypass Apple's File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads.
Shlayer's creators have managed to get their malicious payloads

If they pass this automated security check, macOS apps are allowed by Gatekeeper—a macOS security feature that verifies if downloaded apps have been checked for known malicious content—to run...