Published: 02/04/2021 Updated: 09/01/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 6.1 | Impact Score: 2.7 | Exploitability Score: 2.8

VMScore: 383

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

Apple iOS, iPadOS and watchOS universal XSS exploited in the wild. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited. Versions of iPhone, iPad, iPod, Apple Watch are affected.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple watchos
apple iphone os
apple ipados

because people want to test it

PS4CVE20211879 because people want to test it link to the original post : googleprojectzerogithubio/0days-in-the-wild/0day-RCAs/2021/CVE-2021-1879html

Patch alert for Apple fans: Cybercrooks have already been exploiting this flaw in iPhones, iPads, and watches

The Register • Iain Thomson in San Francisco • 29 Mar 2021

Plus: Did Google expose a Western spying op? Who cares? You're safer

In brief Apple has issued critical security patches for all supported phones, fondleslabs, and watches after being alerted to multiple possible intrusions by Google. The fix issued on Friday for iOS 14.4.2 and iPadOS 14.4.2, CVE-2021-1879, is urgently needed. According to Apple, the flaw allows for the creation of "maliciously crafted web content," which "may lead to universal cross-site scripting." Apple has heard that the code snafu "may have been actively exploited." To make matters worse, th...

CVE-2021-1879

Vulnerability Summary

Vulnerability Trend

Github Repositories

Recent Articles

References

Vulmon Search

About

Products

Connect