CVE-2021-1857
First published: Thu Apr 22 2021(Updated: )
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information.
Credit: an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Apple iTunes for Windows | <12.11.3 | 12.11.3 |
| Apple Mojave | ||
| Apple iCloud for Windows | <12.3 | 12.3 |
| Apple Catalina | ||
| Apple macOS Big Sur | <11.3 | 11.3 |
| Apple tvOS | <14.5 | 14.5 |
| Apple watchOS | <7.4 | 7.4 |
| Apple iOS | <14.5 | 14.5 |
| Apple iPadOS | <14.5 | 14.5 |
| Apple Icloud Windows | <12.3 | |
| Apple Itunes Windows | <12.11.3 | |
| Apple iPadOS | <14.5 | |
| Apple iPhone OS | <14.5 | |
| Apple Mac OS X | =10.14 | |
| Apple Mac OS X | =10.14.0 | |
| Apple Mac OS X | =10.14.1 | |
| Apple Mac OS X | =10.14.2 | |
| Apple Mac OS X | =10.14.3 | |
| Apple Mac OS X | =10.14.4 | |
| Apple Mac OS X | =10.14.4-beta4 | |
| Apple Mac OS X | =10.14.5 | |
| Apple Mac OS X | =10.14.6 | |
| Apple Mac OS X | =10.14.6 | |
| Apple Mac OS X | =10.14.6-security_update_2019-001 | |
| Apple Mac OS X | =10.14.6-security_update_2019-002 | |
| Apple Mac OS X | =10.14.6-security_update_2019-004 | |
| Apple Mac OS X | =10.14.6-security_update_2019-005 | |
| Apple Mac OS X | =10.14.6-security_update_2019-006 | |
| Apple Mac OS X | =10.14.6-security_update_2019-007 | |
| Apple Mac OS X | =10.14.6-security_update_2020-001 | |
| Apple Mac OS X | =10.14.6-security_update_2020-002 | |
| Apple Mac OS X | =10.14.6-security_update_2020-003 | |
| Apple Mac OS X | =10.14.6-security_update_2020-004 | |
| Apple Mac OS X | =10.14.6-security_update_2020-005 | |
| Apple Mac OS X | =10.14.6-security_update_2020-006 | |
| Apple Mac OS X | =10.14.6-security_update_2020-007 | |
| Apple Mac OS X | =10.14.6-security_update_2021-001 | |
| Apple Mac OS X | =10.14.6-security_update_2021-002 | |
| Apple Mac OS X | =10.15 | |
| Apple Mac OS X | =10.15.1 | |
| Apple Mac OS X | =10.15.2 | |
| Apple Mac OS X | =10.15.3 | |
| Apple Mac OS X | =10.15.4 | |
| Apple Mac OS X | =10.15.5 | |
| Apple Mac OS X | =10.15.6 | |
| Apple Mac OS X | =10.15.6 | |
| Apple Mac OS X | =10.15.6-supplemental_update | |
| Apple Mac OS X | =10.15.7 | |
| Apple Mac OS X | =10.15.7 | |
| Apple Mac OS X | =10.15.7-security_update_2020 | |
| Apple Mac OS X | =10.15.7-security_update_2020-001 | |
| Apple Mac OS X | =10.15.7-security_update_2020-005 | |
| Apple Mac OS X | =10.15.7-security_update_2020-007 | |
| Apple Mac OS X | =10.15.7-security_update_2021-001 | |
| Apple macOS | >=11.0<11.3 | |
| Apple tvOS | <14.5 | |
| Apple watchOS | <7.4 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://support.apple.com/en-us/HT212319 (Advisory)
- https://support.apple.com/en-us/HT212327 (Advisory)
- https://support.apple.com/en-us/HT212321 (Advisory)
- https://support.apple.com/en-us/HT212326 (Advisory)
- https://support.apple.com/en-us/HT212325 (Advisory)
- https://support.apple.com/en-us/HT212317 (Advisory)
- https://support.apple.com/en-us/HT212323 (Advisory)
- https://support.apple.com/en-us/HT212324 (Advisory)
- https://support.apple.com/kb/HT212324
Parent vulnerabilities
(Appears in the following advisories)
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-1857
- CVE-2021-1811
- CVE-2021-1825
- CVE-2020-7463
- CVE-2021-1797
- CVE-2021-1808
- CVE-2021-1809
- CVE-2021-1847
- CVE-2020-8284
- CVE-2020-8285
- CVE-2020-8286
- CVE-2021-1784
- CVE-2021-1881
- CVE-2020-27942
- CVE-2021-1813
- CVE-2021-1843
- CVE-2021-1805
- CVE-2021-1806
- CVE-2021-1834
- CVE-2021-1860
- CVE-2021-1851
- CVE-2021-1840
- CVE-2021-30652
- CVE-2021-1875
- CVE-2021-1876
- CVE-2021-1739
- CVE-2021-1878
- CVE-2021-1868
- CVE-2020-8037
- CVE-2021-1839
- CVE-2021-1828
- CVE-2020-3838
- CVE-2021-1873
- CVE-2021-1810
- CVE-2021-1846
- CVE-2021-1882
- CVE-2021-1858
- CVE-2021-1841
- CVE-2021-1832
- CVE-2021-1824
- CVE-2021-1740
- CVE-2021-30657
- CVE-2021-30655
- CVE-2021-1853
- CVE-2021-1849
- CVE-2021-1867
- CVE-2021-30752
- CVE-2021-30664
- CVE-2021-30659
- CVE-2021-1872
- CVE-2021-1883
- CVE-2021-1884
- CVE-2021-1880
- CVE-2021-30653
- CVE-2021-1814
- CVE-2021-1885
- CVE-2021-30743
- CVE-2021-30658
- CVE-2021-30660
- CVE-2021-1859
- CVE-2021-1815
- CVE-2021-1861
- CVE-2021-1855
- CVE-2021-30750
- CVE-2021-30856
- CVE-2021-1817
- CVE-2021-1826
- CVE-2021-1820
- CVE-2021-30661
- CVE-2021-1829
- CVE-2021-1770
- CVE-2021-1836
- CVE-2021-30764
- CVE-2021-1864
- CVE-2021-1816
- CVE-2021-1822
- CVE-2021-1844
- CVE-2021-1807
- CVE-2021-1835
- CVE-2021-1837
- CVE-2021-30742
- CVE-2021-1812
- CVE-2021-30656
- CVE-2021-30662
- CVE-2021-1877
- CVE-2021-1852
- CVE-2021-1830
- CVE-2021-1874
- CVE-2021-1833
- CVE-2021-1865
- CVE-2021-1863
- CVE-2021-1831
- CVE-2021-1862
- CVE-2021-1854
- CVE-2021-30921
- CVE-2021-1848
Frequently Asked Questions
What is CVE-2021-1857?
CVE-2021-1857 is a vulnerability related to CFNetwork in Apple iOS, iPadOS, watchOS, iCloud for Windows, iTunes for Windows, macOS Big Sur, Catalina, tvOS, and Mojave.
How does CVE-2021-1857 impact the affected software?
CVE-2021-1857 addresses a memory initialization issue in CFNetwork with improved memory handling.
Which versions of Apple iOS, iPadOS, watchOS, iCloud for Windows, iTunes for Windows, macOS Big Sur, Catalina, tvOS, and Mojave are affected by CVE-2021-1857?
CVE-2021-1857 affects up to and excluding version 14.5 of Apple iOS and iPadOS, up to and excluding version 7.4 of watchOS, version up to and excluding 12.3 of iCloud for Windows, up to and excluding version 12.11.3 of iTunes for Windows, up to and excluding version 11.3 of macOS Big Sur, up to and excluding version 14.5 of tvOS, and all versions of Catalina and Mojave.
How severe is CVE-2021-1857?
The severity of CVE-2021-1857 is not specified in the information provided.
How can I fix CVE-2021-1857?
To fix CVE-2021-1857, update your Apple iOS, iPadOS, watchOS, iCloud for Windows, iTunes for Windows, macOS Big Sur, Catalina, tvOS, or Mojave to the specified versions or later as recommended by Apple.
- collector/apple-support
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/software-canonical-lookup-request
- agent/author
- agent/weakness
- agent/severity
- agent/event
- source/Apple
- agent/software-canonical-lookup
- agent/references
- agent/description
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- collector/mitre-cve
- source/MITRE
- vendor/apple
- canonical/apple itunes for windows
- canonical/apple mojave
- canonical/apple icloud for windows
- canonical/apple catalina
- canonical/apple macos big sur
- canonical/apple tvos
- canonical/apple watchos
- canonical/apple ios
- canonical/apple ipados
- canonical/apple icloud windows
- canonical/apple itunes windows
- canonical/apple iphone os
- canonical/apple mac os x
- version/apple mac os x/10.14
- version/apple mac os x/10.14.0
- version/apple mac os x/10.14.1
- version/apple mac os x/10.14.2
- version/apple mac os x/10.14.3
- version/apple mac os x/10.14.4
- version/apple mac os x/10.14.4-beta4
- version/apple mac os x/10.14.5
- version/apple mac os x/10.14.6
- version/apple mac os x/10.14.6-security_update_2019-001
- version/apple mac os x/10.14.6-security_update_2019-002
- version/apple mac os x/10.14.6-security_update_2019-004
- version/apple mac os x/10.14.6-security_update_2019-005
- version/apple mac os x/10.14.6-security_update_2019-006
- version/apple mac os x/10.14.6-security_update_2019-007
- version/apple mac os x/10.14.6-security_update_2020-001
- version/apple mac os x/10.14.6-security_update_2020-002
- version/apple mac os x/10.14.6-security_update_2020-003
- version/apple mac os x/10.14.6-security_update_2020-004
- version/apple mac os x/10.14.6-security_update_2020-005
- version/apple mac os x/10.14.6-security_update_2020-006
- version/apple mac os x/10.14.6-security_update_2020-007
- version/apple mac os x/10.14.6-security_update_2021-001
- version/apple mac os x/10.14.6-security_update_2021-002
- version/apple mac os x/10.15
- version/apple mac os x/10.15.1
- version/apple mac os x/10.15.2
- version/apple mac os x/10.15.3
- version/apple mac os x/10.15.4
- version/apple mac os x/10.15.5
- version/apple mac os x/10.15.6
- version/apple mac os x/10.15.6-supplemental_update
- version/apple mac os x/10.15.7
- version/apple mac os x/10.15.7-security_update_2020
- version/apple mac os x/10.15.7-security_update_2020-001
- version/apple mac os x/10.15.7-security_update_2020-005
- version/apple mac os x/10.15.7-security_update_2020-007
- version/apple mac os x/10.15.7-security_update_2021-001
- canonical/apple macos
- version/apple macos/11.0