CVE-2021-1857
MEDIUMiCloud < 12.3 - Information Disclosure via Improper Memory Initialization
Title source: llmDescription
A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information.
References (8)
Core 8
Core References
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212317
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212323
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212324
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212325
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212326
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212327
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212319
Vendor Advisory x_refsource_misc
https://support.apple.com/en-us/HT212321
Scores
CVSS v3
6.5
EPSS
0.0118
EPSS Percentile
63.6%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
Details
CWE
CWE-665
Status
published
Products (23)
apple/icloud
< 12.3
apple/ipados
< 14.5
apple/iphone_os
< 14.5
apple/itunes
< 12.11.3
apple/mac_os_x
10.14
apple/mac_os_x
10.14.0
apple/mac_os_x
10.14.1
apple/mac_os_x
10.14.2
apple/mac_os_x
10.14.3
apple/mac_os_x
10.14.4 (2 CPE variants)
... and 13 more
Published
Sep 08, 2021
Tracked Since
Feb 18, 2026