CVE-2021-1801
First published: Tue Jan 26 2021(Updated: )
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.
Credit: Eliya Stein ConfiantEliya Stein ConfiantEliya Stein ConfiantEliya Stein ConfiantEliya Stein Confiant product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple macOS Big Sur | <11.2 | 11.2 |
| Apple Catalina | ||
| Apple Mojave | ||
| Apple watchOS | <7.3 | 7.3 |
| Apple tvOS | <14.4 | 14.4 |
| Apple iOS | <14.4 | 14.4 |
| Apple iPadOS | <14.4 | 14.4 |
| Apple Ipad Os | <14.4 | |
| Apple iPhone OS | <14.4 | |
| Apple macOS | >=11.0.1<11.2 | |
| Apple tvOS | <14.4 | |
| Apple watchOS | <7.3 | |
| Fedoraproject Fedora | =32 | |
| Fedoraproject Fedora | =33 | |
| WebKitGTK WebKitGTK | <2.30.6 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT212147 (Advisory)
- https://support.apple.com/en-us/HT212148 (Advisory)
- https://support.apple.com/en-us/HT212149 (Advisory)
- https://support.apple.com/en-us/HT212146 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
- https://security.gentoo.org/glsa/202104-03
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-1761
- CVE-2021-1797
- CVE-2020-27945
- CVE-2021-1760
- CVE-2021-1747
- CVE-2021-1776
- CVE-2021-1759
- CVE-2021-1772
- CVE-2021-1792
- CVE-2021-1787
- CVE-2021-1786
- CVE-2020-27937
- CVE-2021-1802
- CVE-2021-1791
- CVE-2021-1790
- CVE-2021-1775
- CVE-2020-29608
- CVE-2021-1758
- CVE-2021-1783
- CVE-2021-1741
- CVE-2021-1743
- CVE-2021-1773
- CVE-2021-1778
- CVE-2021-1736
- CVE-2021-1785
- CVE-2021-1766
- CVE-2021-1818
- CVE-2021-1742
- CVE-2021-1746
- CVE-2021-1754
- CVE-2021-1774
- CVE-2021-1777
- CVE-2021-1793
- CVE-2021-1737
- CVE-2021-1738
- CVE-2021-1744
- CVE-2021-1779
- CVE-2021-1757
- CVE-2020-27904
- CVE-2021-1764
- CVE-2021-1782
- CVE-2021-1750
- CVE-2020-29633
- CVE-2021-1781
- CVE-2021-1771
- CVE-2021-1762
- CVE-2020-29614
- CVE-2021-1763
- CVE-2021-1767
- CVE-2021-1745
- CVE-2021-1753
- CVE-2021-1768
- CVE-2021-1751
- CVE-2020-25709
- CVE-2020-27938
- CVE-2019-20838
- CVE-2020-14155
- CVE-2020-15358
- CVE-2021-1769
- CVE-2021-1788
- CVE-2021-1765
- CVE-2021-1801
- CVE-2021-1789
- CVE-2021-1871
- CVE-2021-1870
- CVE-2021-1799
- CVE-2021-30869
- CVE-2021-1748
- CVE-2021-1794
- CVE-2021-1795
- CVE-2021-1796
- CVE-2021-1780
- CVE-2021-1838
- CVE-2021-1756
Frequently Asked Questions
What is the vulnerability ID of this issue?
The vulnerability ID of this issue is CVE-2021-1801.
What software versions are affected by this vulnerability?
macOS Big Sur 11.2, Apple Catalina, Apple Mojave, watchOS up to version 7.3, iOS up to version 14.4, iPadOS up to version 14.4, tvOS up to version 14.4.
How was this vulnerability addressed?
This vulnerability was addressed with improved iframe sandbox enforcement.
Is there a remedy available?
Yes, Apple has provided a remedy for the affected software versions.
Where can I find more information about this vulnerability?
More information about this vulnerability can be found on the Apple support website: [link1](https://support.apple.com/en-us/HT212149), [link2](https://support.apple.com/en-us/HT212147), [link3](https://support.apple.com/en-us/HT212148).
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/apple-support
- alias/CVE-2021-1801
- agent/software-canonical-lookup-request
- agent/references
- agent/severity
- agent/author
- agent/event
- agent/description
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple macos big sur
- canonical/apple catalina
- canonical/apple mojave
- canonical/apple watchos
- canonical/apple tvos
- canonical/apple ios
- canonical/apple ipados
- canonical/apple ipad os
- canonical/apple iphone os
- canonical/apple macos
- version/apple macos/11.0.1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/32
- version/fedoraproject fedora/33
- vendor/webkitgtk
- canonical/webkitgtk webkitgtk