CVE-2021-1879

MEDIUM KEV

Apple Ipados < 14.4.2 - XSS

Title source: rule

Description

This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..

References (4)

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT212256

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT212257

[Release Notes, Vendor Advisory] https://support.apple.com/en-us/HT212258

[US Government Resource] https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1879

Scores

CVSS v3 6.1

EPSS 0.0081

EPSS Percentile 74.3%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Details

CISA KEV 2021-11-03

VulnCheck KEV 2021-03-26

InTheWild.io 2021-03-26

ENISA EUVD EUVD-2021-7343

CWE

CWE-79

Status published

Products (3)

apple/ipados < 14.4.2

apple/iphone_os < 12.5.2

apple/watchos < 7.3.3

Published Apr 02, 2021

KEV Added Nov 03, 2021

Tracked Since Feb 18, 2026