CVE-2021-1765
MEDIUM EXPLOITEDmacOS 10.14-10.14.5 and 11.0-11.1 - Iframe Sandbox Policy Bypass
Title source: llmExploitation Summary
CVE-2021-1765 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.
References (4)
Core 4
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212147
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202104-03
Scores
CVSS v3
6.5
EPSS
0.0141
EPSS Percentile
69.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
VulnCheck KEV
2021-08-16
Status
published
Products (7)
apple/mac_os_x
10.14.6 (14 CPE variants)
apple/mac_os_x
10.15.7 (2 CPE variants)
apple/mac_os_x
10.14 - 10.14.6
apple/macos
11.0 - 11.2
fedoraproject/fedora
32
fedoraproject/fedora
33
webkitgtk/webkitgtk
< 2.30.6
Published
Apr 02, 2021
Tracked Since
Feb 18, 2026