CVE-2021-1801
MEDIUM EXPLOITEDiPadOS < 14.4 - Sandbox Policy Bypass via Malicious Web Content
Title source: llmExploitation Summary
CVE-2021-1801 has been observed exploited in the wild (reported by VulnCheck KEV).
Description
This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Maliciously crafted web content may violate iframe sandboxing policy.
References (7)
Core 7
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212147
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212146
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212148
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212149
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
Third Party Advisory vendor-advisory
x_refsource_gentoo
https://security.gentoo.org/glsa/202104-03
Scores
CVSS v3
6.5
EPSS
0.0152
EPSS Percentile
71.7%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N
Details
VulnCheck KEV
2023-09-27
Status
published
Products (8)
apple/ipad_os
< 14.4
apple/iphone_os
< 14.4
apple/macos
11.0.1 - 11.2
apple/tvos
< 14.4
apple/watchos
< 7.3
fedoraproject/fedora
32
fedoraproject/fedora
33
webkitgtk/webkitgtk
< 2.30.6
Published
Apr 02, 2021
Tracked Since
Feb 18, 2026