What is the vulnerability ID?

The vulnerability ID is CVE-2021-1873.

What is the affected software?

The affected software includes Apple Catalina, Apple Mojave, and Apple macOS Big Sur 11.3 (up to, but not including, version 11.4).

What was the issue with Accessibility TCC permissions in WindowServer?

There was an API issue in Accessibility TCC permissions that allowed unauthorized access.

How was the issue addressed?

The issue was addressed with improved state management in WindowServer.

Where can I find more information and support?

You can find more information and support on the official Apple support page.

Vulnerability/
CVE-2021-1873

medium

6.5

26/4/2021

8/9/2021

3/8/2024

CVE-2021-1873

First published: Mon Apr 26 2021(Updated: )

An API issue in Accessibility TCC permissions was addressed with improved state management. This issue is fixed in macOS Big Sur 11.3, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave. A malicious application may be able to unexpectedly leak a user's credentials from secure text fields.

Credit: an anonymous researcher an anonymous researcher product-security@apple.com an anonymous researcher

Affected Software	Affected Version	How to fix
Apple macOS	<11.3	11.3
macOS Catalina
macOS Mojave
Apple iOS and macOS	>=10.14<=10.14.5
Apple iOS and macOS	>=10.15<=10.15.5
Apple iOS and macOS	=10.14.6
Apple iOS and macOS	=10.14.6-security_update_2019-001
Apple iOS and macOS	=10.14.6-security_update_2019-002
Apple iOS and macOS	=10.14.6-security_update_2019-004
Apple iOS and macOS	=10.14.6-security_update_2019-005
Apple iOS and macOS	=10.14.6-security_update_2019-006
Apple iOS and macOS	=10.14.6-security_update_2019-007
Apple iOS and macOS	=10.14.6-security_update_2020-001
Apple iOS and macOS	=10.14.6-security_update_2020-002
Apple iOS and macOS	=10.14.6-security_update_2020-003
Apple iOS and macOS	=10.14.6-security_update_2020-004
Apple iOS and macOS	=10.14.6-security_update_2020-005
Apple iOS and macOS	=10.14.6-security_update_2020-006
Apple iOS and macOS	=10.14.6-security_update_2020-007
Apple iOS and macOS	=10.14.6-security_update_2021-001
Apple iOS and macOS	=10.14.6-security_update_2021-002
Apple iOS and macOS	=10.14.6-supplemental_update
Apple iOS and macOS	=10.14.6-supplemental_update_2
Apple iOS and macOS	=10.15.6
Apple iOS and macOS	=10.15.6-supplemental_update
Apple iOS and macOS	=10.15.7
Apple iOS and macOS	=10.15.7-security_update_2020
Apple iOS and macOS	=10.15.7-security_update_2020-001
Apple iOS and macOS	=10.15.7-security_update_2020-005
Apple iOS and macOS	=10.15.7-security_update_2020-007
Apple iOS and macOS	=10.15.7-security_update_2021-001
Apple iOS and macOS	=10.15.7-supplemental_update
Apple iOS and macOS	>=11.0<11.3

Never miss a vulnerability like this again

Reference Links

https://support.apple.com/en-us/HT212327 (Advisory)
https://support.apple.com/en-us/HT212326 (Advisory)
https://support.apple.com/en-us/HT212325 (Advisory)

Parent vulnerabilities

(Appears in the following advisories)

Peer vulnerabilities

(Found alongside the following vulnerabilities)

CVE-2021-1853
CVE-2021-1849
CVE-2021-1867
CVE-2021-1810
CVE-2021-1808
CVE-2021-1857
CVE-2021-30752
CVE-2021-30664
CVE-2021-1846
CVE-2021-1809
CVE-2021-30659
CVE-2021-1847
CVE-2021-1811
CVE-2020-8284
CVE-2020-8286
CVE-2020-8285
CVE-2021-1784
CVE-2021-1872
CVE-2021-1881
CVE-2021-1882
CVE-2021-1813
CVE-2021-1883
CVE-2021-1884
CVE-2021-1880
CVE-2021-30653
CVE-2021-1814
CVE-2021-1843
CVE-2021-1885
CVE-2021-1858
CVE-2021-30743
CVE-2021-30658
CVE-2021-1841
CVE-2021-1834
CVE-2021-1860
CVE-2021-1840
CVE-2021-1851
CVE-2021-1832
CVE-2021-30660
CVE-2021-30652
CVE-2021-1875
CVE-2021-1824
CVE-2021-1859
CVE-2021-1876
CVE-2021-1815
CVE-2021-1739
CVE-2021-1740
CVE-2021-1861
CVE-2021-1855
CVE-2021-1868
CVE-2021-30750
CVE-2021-1878
CVE-2021-30657
CVE-2021-30856
CVE-2020-8037
CVE-2021-1839
CVE-2021-1825
CVE-2021-1817
CVE-2021-1826
CVE-2021-1820
CVE-2021-30661
CVE-2020-7463
CVE-2021-1828
CVE-2021-1829
CVE-2021-30655
CVE-2021-1770
CVE-2021-1873
CVE-2021-1797
CVE-2020-27942
CVE-2020-3838
CVE-2021-1805
CVE-2021-1806

Frequently Asked Questions

What is the vulnerability ID?
The vulnerability ID is CVE-2021-1873.
What is the affected software?
The affected software includes Apple Catalina, Apple Mojave, and Apple macOS Big Sur 11.3 (up to, but not including, version 11.4).
What was the issue with Accessibility TCC permissions in WindowServer?
There was an API issue in Accessibility TCC permissions that allowed unauthorized access.
How was the issue addressed?
The issue was addressed with improved state management in WindowServer.
Where can I find more information and support?
You can find more information and support on the official Apple support page.

agent/type
agent/first-publish-date
collector/mitre-cve
source/MITRE
agent/severity
agent/last-modified-date
agent/author
agent/references
agent/description
agent/event
agent/trending
agent/source
collector/apple-support
agent/software-canonical-lookup-request
agent/tags
agent/softwarecombine
collector/nvd-index
vendor/apple
canonical/apple macos
canonical/macos catalina
canonical/macos mojave
canonical/apple ios and macos
version/apple ios and macos/10.14
version/apple ios and macos/10.14.5
version/apple ios and macos/10.15
version/apple ios and macos/10.15.5
version/apple ios and macos/10.14.6
version/apple ios and macos/10.14.6-security_update_2019-001
version/apple ios and macos/10.14.6-security_update_2019-002
version/apple ios and macos/10.14.6-security_update_2019-004
version/apple ios and macos/10.14.6-security_update_2019-005
version/apple ios and macos/10.14.6-security_update_2019-006
version/apple ios and macos/10.14.6-security_update_2019-007
version/apple ios and macos/10.14.6-security_update_2020-001
version/apple ios and macos/10.14.6-security_update_2020-002
version/apple ios and macos/10.14.6-security_update_2020-003
version/apple ios and macos/10.14.6-security_update_2020-004
version/apple ios and macos/10.14.6-security_update_2020-005
version/apple ios and macos/10.14.6-security_update_2020-006
version/apple ios and macos/10.14.6-security_update_2020-007
version/apple ios and macos/10.14.6-security_update_2021-001
version/apple ios and macos/10.14.6-security_update_2021-002
version/apple ios and macos/10.14.6-supplemental_update
version/apple ios and macos/10.14.6-supplemental_update_2
version/apple ios and macos/10.15.6
version/apple ios and macos/10.15.6-supplemental_update
version/apple ios and macos/10.15.7
version/apple ios and macos/10.15.7-security_update_2020
version/apple ios and macos/10.15.7-security_update_2020-001
version/apple ios and macos/10.15.7-security_update_2020-005
version/apple ios and macos/10.15.7-security_update_2020-007
version/apple ios and macos/10.15.7-security_update_2021-001
version/apple ios and macos/10.15.7-supplemental_update
version/apple ios and macos/11.0