What is CVE-2021-1844?

CVE-2021-1844 is a memory corruption issue in WebKit that has been addressed with improved validation.

Which software is affected by CVE-2021-1844?

The following software versions are affected: Apple Safari 14.0.3, Apple iOS up to 14.4.1, Apple iPadOS up to 14.4.1, Apple watchOS up to 7.3.2, Apple macOS Big Sur up to 11.2.3, and Apple tvOS up to 14.5.

How can I fix the vulnerability?

To fix the vulnerability, update your software to the following versions: Apple Safari 14.0.3, Apple iOS 14.4.1, Apple iPadOS 14.4.1, Apple watchOS 7.3.2, Apple macOS Big Sur 11.2.3, and Apple tvOS 14.5.

Where can I find more information about CVE-2021-1844?

You can find more information about CVE-2021-1844 on the official Apple support page at the following links: [Link-1](https://support.apple.com/en-us/HT212222), [Link-2](https://support.apple.com/en-us/HT212220), [Link-3](https://support.apple.com/en-us/HT212221).

Vulnerability/
CVE-2021-1844

high

8.8

CWE

787

8/3/2021

2/4/2021

9/1/2023

CVE-2021-1844

First published: Mon Mar 08 2021(Updated: )

A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.

Credit: Clément Lecigne GoogleAlison Huffman Microsoft Browser Vulnerability ResearchClément Lecigne GoogleAlison Huffman Microsoft Browser Vulnerability ResearchClément Lecigne GoogleAlison Huffman Microsoft Browser Vulnerability ResearchClément Lecigne GoogleAlison Huffman Microsoft Browser Vulnerability ResearchClément Lecigne GoogleAlison Huffman Microsoft Browser Vulnerability Research product-security@apple.com

Affected Software	Affected Version	How to fix
debian/webkit2gtk		2.36.4-1~deb10u1 2.38.6-0+deb10u1 2.40.5-1~deb11u1 2.42.1-1~deb11u2 2.40.5-1~deb12u1 2.42.1-1~deb12u1 2.42.1-2
debian/wpewebkit		2.38.6-1~deb11u1 2.38.6-1 2.42.1-1
Apple macOS Big Sur	<11.2.3	11.2.3
Apple Safari	<14.0.3	14.0.3
Apple watchOS	<7.3.2	7.3.2
Apple iOS	<14.4.1	14.4.1
Apple iPadOS	<14.4.1	14.4.1
Apple tvOS	<14.5	14.5
Apple Safari	<14.0.3
Apple iPadOS	<14.4.1
Apple iPhone OS	<14.4.1
Apple macOS	<11.2.3
Apple tvOS	<14.5
Apple watchOS	<7.3.2
Debian Debian Linux	=10.0
Fedoraproject Fedora	=33

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

What is CVE-2021-1844?
CVE-2021-1844 is a memory corruption issue in WebKit that has been addressed with improved validation.
Which software is affected by CVE-2021-1844?
The following software versions are affected: Apple Safari 14.0.3, Apple iOS up to 14.4.1, Apple iPadOS up to 14.4.1, Apple watchOS up to 7.3.2, Apple macOS Big Sur up to 11.2.3, and Apple tvOS up to 14.5.
How can I fix the vulnerability?
To fix the vulnerability, update your software to the following versions: Apple Safari 14.0.3, Apple iOS 14.4.1, Apple iPadOS 14.4.1, Apple watchOS 7.3.2, Apple macOS Big Sur 11.2.3, and Apple tvOS 14.5.
Where can I find more information about CVE-2021-1844?
You can find more information about CVE-2021-1844 on the official Apple support page at the following links: [Link-1](https://support.apple.com/en-us/HT212222), [Link-2](https://support.apple.com/en-us/HT212220), [Link-3](https://support.apple.com/en-us/HT212221).

agent/author
agent/description
agent/event
agent/first-publish-date
agent/last-modified-date
agent/references
agent/severity
agent/softwarecombine
agent/tags
agent/type
agent/weakness
collector/apple-support
agent/software-canonical-lookup-request
collector/nvd-index
collector/security-tracker-debian
vendor/apple
canonical/apple macos big sur
canonical/apple ios
canonical/apple ipados
canonical/apple watchos
canonical/apple safari
canonical/apple tvos
canonical/apple iphone os
canonical/apple macos
vendor/debian
canonical/debian debian linux
version/debian debian linux/10.0
vendor/fedoraproject
canonical/fedoraproject fedora
version/fedoraproject fedora/33
package-manager/debian

CVE-2021-1844

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Peer vulnerabilities

Frequently Asked Questions

What is CVE-2021-1844?

Which software is affected by CVE-2021-1844?

How can I fix the vulnerability?

Where can I find more information about CVE-2021-1844?

Company

Resources

Contact