CVE-2021-1871: Apple iOS, iPadOS, and macOS Remote Code Execution Vulnerability
First published: Tue Jan 26 2021(Updated: )
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Credit: an anonymous researcher an anonymous researcher an anonymous researcher an anonymous researcher product-security@apple.com product-security@apple.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| debian/webkit2gtk | 2.36.4-1~deb10u1 2.38.6-0+deb10u1 2.40.5-1~deb11u1 2.42.1-1~deb11u2 2.40.5-1~deb12u1 2.42.1-1~deb12u1 2.42.1-2 | |
| debian/wpewebkit | 2.38.6-1~deb11u1 2.38.6-1 2.42.1-1 | |
| Apple macOS Big Sur | <11.2 | 11.2 |
| Apple Catalina | ||
| Apple Mojave | ||
| Apple iOS, iPadOS, and macOS | ||
| Apple iOS | <14.4 | 14.4 |
| Apple iPadOS | <14.4 | 14.4 |
| Apple Ipad Os | <14.4 | |
| Apple iPhone OS | <14.4 | |
| Apple Mac OS X | >=10.15<10.15.7 | |
| Apple Mac OS X | =10.15.7 | |
| Apple Mac OS X | =10.15.7-security_update_2020 | |
| Apple Mac OS X | =10.15.7-supplemental_update | |
| Apple macOS | >=11.0.1<11.2 | |
| Debian Debian Linux | =10.0 | |
| Fedoraproject Fedora | =33 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://webkitgtk.org/security/WSA-2021-0003.html
- https://security-tracker.debian.org/tracker/CVE-2021-1871
- https://support.apple.com/en-us/HT212147 (Advisory)
- https://support.apple.com/en-us/HT212146 (Advisory)
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
- https://www.debian.org/security/2021/dsa-4923
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
Peer vulnerabilities
(Found alongside the following vulnerabilities)
- CVE-2021-1761
- CVE-2021-1797
- CVE-2020-27945
- CVE-2021-1760
- CVE-2021-1747
- CVE-2021-1776
- CVE-2021-1759
- CVE-2021-1772
- CVE-2021-1792
- CVE-2021-1787
- CVE-2021-1786
- CVE-2020-27937
- CVE-2021-1802
- CVE-2021-1791
- CVE-2021-1790
- CVE-2021-1775
- CVE-2020-29608
- CVE-2021-1758
- CVE-2021-1783
- CVE-2021-1741
- CVE-2021-1743
- CVE-2021-1773
- CVE-2021-1778
- CVE-2021-1736
- CVE-2021-1785
- CVE-2021-1766
- CVE-2021-1818
- CVE-2021-1742
- CVE-2021-1746
- CVE-2021-1754
- CVE-2021-1774
- CVE-2021-1777
- CVE-2021-1793
- CVE-2021-1737
- CVE-2021-1738
- CVE-2021-1744
- CVE-2021-1779
- CVE-2021-1757
- CVE-2020-27904
- CVE-2021-1764
- CVE-2021-1782
- CVE-2021-1750
- CVE-2020-29633
- CVE-2021-1781
- CVE-2021-1771
- CVE-2021-1762
- CVE-2020-29614
- CVE-2021-1763
- CVE-2021-1767
- CVE-2021-1745
- CVE-2021-1753
- CVE-2021-1768
- CVE-2021-1751
- CVE-2020-25709
- CVE-2020-27938
- CVE-2019-20838
- CVE-2020-14155
- CVE-2020-15358
- CVE-2021-1769
- CVE-2021-1788
- CVE-2021-1765
- CVE-2021-1801
- CVE-2021-1789
- CVE-2021-1871
- CVE-2021-1870
- CVE-2021-1799
- CVE-2021-30869
- CVE-2021-1794
- CVE-2021-1795
- CVE-2021-1796
- CVE-2021-1780
- CVE-2021-1838
- CVE-2021-1748
- CVE-2021-1756
Frequently Asked Questions
What is the vulnerability ID for this issue?
The vulnerability ID for this issue is CVE-2021-1871.
What is the title of this vulnerability?
The title of this vulnerability is Apple iOS iPadOS and macOS Remote Code Execution Vulnerability.
Which software is affected by this vulnerability?
Apple iOS, iPadOS, and macOS are affected by this vulnerability.
How can a remote attacker exploit this vulnerability?
A remote attacker can exploit this vulnerability to execute code.
Where can I find more information about this vulnerability?
More information about this vulnerability can be found on the Apple support website: [link](https://support.apple.com/en-us/HT212147) and [link](https://support.apple.com/en-us/HT212146).
- collector/security-tracker-debian
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- collector/apple-support
- alias/CVE-2021-1870
- agent/software-canonical-lookup-request
- agent/event
- agent/references
- agent/title
- agent/severity
- agent/author
- collector/nvd-index
- agent/softwarecombine
- agent/tags
- exploited/true
- collector/cisa-known-exploited
- source/CISA
- agent/software-canonical-lookup
- agent/description
- collector/nvd-api
- source/NVD
- package-manager/debian
- vendor/apple
- canonical/apple macos big sur
- canonical/apple catalina
- canonical/apple mojave
- canonical/apple ios
- canonical/apple ipados
- canonical/apple ipad os
- canonical/apple iphone os
- canonical/apple mac os x
- version/apple mac os x/10.15
- version/apple mac os x/10.15.7
- version/apple mac os x/10.15.7-security_update_2020
- version/apple mac os x/10.15.7-supplemental_update
- canonical/apple macos
- version/apple macos/11.0.1
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/33
- canonical/apple ios, ipados, and macos