CVE-2021-1789: Apple Multiple Products Type Confusion Vulnerability
First published: Tue Jan 26 2021(Updated: )
WebKit. A type confusion issue was addressed with improved state handling.
Credit: @S0rryMybad 360 Vulcan Team @S0rryMybad 360 Vulcan Team @S0rryMybad 360 Vulcan Team @S0rryMybad 360 Vulcan Team @S0rryMybad 360 Vulcan Team product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iOS | <14.4 | 14.4 |
| Apple iPadOS | <14.4 | 14.4 |
| Apple macOS Big Sur | <11.2 | 11.2 |
| Apple Catalina | ||
| Apple Mojave | ||
| Apple watchOS | <7.3 | 7.3 |
| Apple tvOS | <14.4 | 14.4 |
| Apple Safari | <14.0.3 | 14.0.3 |
| Apple Multiple Products | ||
| Apple iPadOS | <14.4 | |
| Apple iPhone OS | <14.4 | |
| Apple Mac OS X | >=10.14<10.14.6 | |
| Apple Mac OS X | >=10.15<10.15.7 | |
| Apple Mac OS X | =10.14.6 | |
| Apple Mac OS X | =10.14.6-security_update_2019-004 | |
| Apple Mac OS X | =10.14.6-security_update_2019-005 | |
| Apple Mac OS X | =10.14.6-security_update_2019-006 | |
| Apple Mac OS X | =10.14.6-security_update_2019-007 | |
| Apple Mac OS X | =10.14.6-security_update_2020-001 | |
| Apple Mac OS X | =10.14.6-security_update_2020-002 | |
| Apple Mac OS X | =10.14.6-security_update_2020-003 | |
| Apple Mac OS X | =10.14.6-security_update_2020-004 | |
| Apple Mac OS X | =10.14.6-security_update_2020-005 | |
| Apple Mac OS X | =10.14.6-security_update_2020-006 | |
| Apple Mac OS X | =10.14.6-security_update_2020-007 | |
| Apple Mac OS X | =10.14.6-supplemental_update | |
| Apple Mac OS X | =10.14.6-supplemental_update_2 | |
| Apple Mac OS X | =10.15.7 | |
| Apple Mac OS X | =10.15.7-supplemental_update | |
| Apple macOS | >=11.0<11.2 | |
| Apple tvOS | <14.4 | |
| Apple watchOS | <7.3 | |
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 | |
| WebKitGTK WebKitGTK | <2.30.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT212146 (Advisory)
- https://support.apple.com/en-us/HT212147 (Advisory)
- https://support.apple.com/en-us/HT212148 (Advisory)
- https://support.apple.com/en-us/HT212149 (Advisory)
- https://support.apple.com/en-us/HT212152 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
- https://security.gentoo.org/glsa/202104-03
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-1761
- CVE-2021-1797
- CVE-2021-1794
- CVE-2021-1795
- CVE-2021-1796
- CVE-2021-1780
- CVE-2021-1760
- CVE-2021-1747
- CVE-2021-1776
- CVE-2021-1759
- CVE-2021-1772
- CVE-2021-1792
- CVE-2021-1786
- CVE-2021-1787
- CVE-2021-1791
- CVE-2021-1758
- CVE-2021-1773
- CVE-2021-1766
- CVE-2021-1785
- CVE-2021-1737
- CVE-2021-1738
- CVE-2021-1744
- CVE-2021-1818
- CVE-2021-1838
- CVE-2021-1742
- CVE-2021-1746
- CVE-2021-1754
- CVE-2021-1774
- CVE-2021-1793
- CVE-2021-1741
- CVE-2021-1743
- CVE-2021-1778
- CVE-2021-1783
- CVE-2021-1757
- CVE-2021-1748
- CVE-2021-1764
- CVE-2021-1750
- CVE-2021-1782
- CVE-2021-1781
- CVE-2021-1763
- CVE-2021-1768
- CVE-2021-1745
- CVE-2021-1762
- CVE-2021-1767
- CVE-2021-1753
- CVE-2021-1756
- CVE-2021-1769
- CVE-2021-1788
- CVE-2021-1789
- CVE-2021-1801
- CVE-2021-1871
- CVE-2021-1870
- CVE-2021-1799
- CVE-2021-30869
- CVE-2020-27945
- CVE-2020-27937
- CVE-2021-1802
- CVE-2021-1790
- CVE-2021-1775
- CVE-2020-29608
- CVE-2021-1736
- CVE-2021-1777
- CVE-2021-1779
- CVE-2020-27904
- CVE-2020-29633
- CVE-2021-1771
- CVE-2020-29614
- CVE-2021-1751
- CVE-2020-25709
- CVE-2020-27938
- CVE-2019-20838
- CVE-2020-14155
- CVE-2020-15358
- CVE-2021-1765
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-1789.
Which Apple products are affected by this vulnerability?
Multiple Apple products including Apple Multiple Products, Safari, macOS Big Sur, Catalina, Mojave, watchOS, iOS, iPadOS, and tvOS are affected.
What is the risk of this vulnerability?
The vulnerability allows processing of maliciously crafted web content, leading to arbitrary code execution.
How can I fix this vulnerability?
Apply the available security updates or patches provided by Apple for the affected products.
Where can I find more information about this vulnerability?
You can find more information about this vulnerability on the following references: [Apple Support - HT212147](https://support.apple.com/en-us/HT212147), [Apple Support - HT212148](https://support.apple.com/en-us/HT212148), [Apple Support - HT212146](https://support.apple.com/en-us/HT212146).
- agent/author
- agent/description
- agent/event
- agent/first-publish-date
- agent/last-modified-date
- agent/references
- agent/severity
- agent/softwarecombine
- agent/tags
- agent/title
- agent/type
- agent/weakness
- collector/apple-support
- agent/software-canonical-lookup-request
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- collector/nvd-index
- vendor/apple
- canonical/apple ios
- canonical/apple ipados
- canonical/apple macos big sur
- canonical/apple catalina
- canonical/apple mojave
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple safari
- canonical/apple multiple products
- canonical/apple iphone os
- canonical/apple mac os x
- version/apple mac os x/10.14
- version/apple mac os x/10.15
- version/apple mac os x/10.14.6
- version/apple mac os x/10.14.6-security_update_2019-004
- version/apple mac os x/10.14.6-security_update_2019-005
- version/apple mac os x/10.14.6-security_update_2019-006
- version/apple mac os x/10.14.6-security_update_2019-007
- version/apple mac os x/10.14.6-security_update_2020-001
- version/apple mac os x/10.14.6-security_update_2020-002
- version/apple mac os x/10.14.6-security_update_2020-003
- version/apple mac os x/10.14.6-security_update_2020-004
- version/apple mac os x/10.14.6-security_update_2020-005
- version/apple mac os x/10.14.6-security_update_2020-006
- version/apple mac os x/10.14.6-security_update_2020-007
- version/apple mac os x/10.14.6-supplemental_update
- version/apple mac os x/10.14.6-supplemental_update_2
- version/apple mac os x/10.15.7
- version/apple mac os x/10.15.7-supplemental_update
- canonical/apple macos
- version/apple macos/11.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- version/fedoraproject fedora/33
- vendor/webkitgtk
- canonical/webkitgtk webkitgtk