CVE-2021-1801

MEDIUM EXPLOITED

iPadOS < 14.4 - Sandbox Policy Bypass via Malicious Web Content

Title source: llm
STIX 2.1

Exploitation Summary

CVE-2021-1801 has been observed exploited in the wild (reported by VulnCheck KEV).

Description

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.

References (7)

Core 7
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212147
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212146
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212148
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212149
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202104-03

Scores

CVSS v3 6.5
EPSS 0.0152
EPSS Percentile 71.7%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N

Details

VulnCheck KEV 2023-09-27
Status published
Products (8)
apple/ipad_os < 14.4
apple/iphone_os < 14.4
apple/macos 11.0.1 - 11.2
apple/tvos < 14.4
apple/watchos < 7.3
fedoraproject/fedora 32
fedoraproject/fedora 33
webkitgtk/webkitgtk < 2.30.6
Published Apr 02, 2021
Tracked Since Feb 18, 2026