Published: 24/08/2021 Updated: 07/11/2023

CVSS v2 Base Score: 4.3 | Impact Score: 2.9 | Exploitability Score: 8.6

CVSS v3 Base Score: 5.5 | Impact Score: 3.6 | Exploitability Score: 1.8

VMScore: 384

Vector: AV:N/AC:M/Au:N/C:N/I:P/A:N

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.0.1. A malicious application may bypass Gatekeeper checks.

Vulnerable Product	Search on Vulmon	Subscribe to Product
apple safari
apple macos

Infosec chap: I found a way to hijack your web accounts, turn on your webcam from Safari – and Apple gave me $100k

The Register • Gareth Corfield • 26 Jan 2022

Get our weekly newsletter Now you see a harmless PNG. Now it's a malicious payload. Look into my eyes

A security bod scored a $100,500 bug bounty from Apple after discovering a vulnerability in Safari on macOS that could have been exploited by a malicious website to potentially access victims' logged-in online accounts – and even their webcams. Ryan Pickren, last seen on The Register after scooping $75k from Cupertino's coffers for finding an earlier webcam-snooping flaw, said the universal cross-site scripting (UXSS) bug in Safari could have been abused by a webpage to hijack a web account th...

CVE-2021-30861

Vulnerability Summary

Vulnerability Trend

Recent Articles

References

Vulmon Search

About

Products

Connect