CVE-2021-1765

MEDIUM EXPLOITED

macOS 10.14-10.14.5 and 11.0-11.1 - Iframe Sandbox Policy Bypass

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-1765 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.

References (4)

Core 4
Core References
Release Notes, Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212147
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202104-03

Scores

CVSS v3 6.5
EPSS 0.0141
EPSS Percentile 69.6%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

VulnCheck KEV 2021-08-16
Status published
Products (7)
apple/mac_os_x 10.14.6 (14 CPE variants)
apple/mac_os_x 10.15.7 (2 CPE variants)
apple/mac_os_x 10.14 - 10.14.6
apple/macos 11.0 - 11.2
fedoraproject/fedora 32
fedoraproject/fedora 33
webkitgtk/webkitgtk < 2.30.6
Published Apr 02, 2021
Tracked Since Feb 18, 2026