CVE-2021-1868

HIGH

iPadOS < 14.5 - Improper Privilege Management

Title source: llm

Description

A logic issue was addressed with improved state management. This issue is fixed in Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3. A local attacker may be able to elevate their privileges.

References (6)

Core 6

Core References

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212317

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212323

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212324

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212325

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212326

Vendor Advisory x_refsource_misc

https://support.apple.com/en-us/HT212327

Scores

CVSS v3 7.8

EPSS 0.0026

EPSS Percentile 17.1%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Details

CWE

CWE-269

Status published

Products (9)

apple/ipados < 14.5

apple/iphone_os < 14.5

apple/mac_os_x 10.14.6 (18 CPE variants)

apple/mac_os_x 10.15.6 (2 CPE variants)

apple/mac_os_x 10.15.7 (7 CPE variants)

apple/mac_os_x 10.14 - 10.14.5

apple/macos 11.0 - 11.3

apple/tvos < 14.5

apple/watchos < 7.4

Published Sep 08, 2021

Tracked Since Feb 18, 2026