[CVE-2021-1879] Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability

CISA KEV 정보

취약점명	Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability
설명	Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
조치사항	Apply updates per vendor instructions.
랜섬웨어 캠페인 악용	Unknown
CWE	CWE-79
등록일 (KEV)	2021-11-03
조치 기한	2021-11-17
추가 참고	https://nvd.nist.gov/vuln/detail/CVE-2021-1879

NVD 상세 정보

CVSS v3.1: 6.1 MEDIUMCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

CVSS v2.0: 4.3 AV:N/AC:M/Au:N/C:N/I:P/A:N

설명: This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..

CWE: CWE-79 | CWE-79

참조

https://support.apple.com/en-us/HT212256 [Release Notes, Vendor Advisory]
https://support.apple.com/en-us/HT212257 [Release Notes, Vendor Advisory]
https://support.apple.com/en-us/HT212258 [Release Notes, Vendor Advisory]
https://support.apple.com/en-us/HT212256 [Release Notes, Vendor Advisory]
https://support.apple.com/en-us/HT212257 [Release Notes, Vendor Advisory]
https://support.apple.com/en-us/HT212258 [Release Notes, Vendor Advisory]
https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1879 [US Government Resource]

This product uses the NVD API but is not endorsed or certified by the NVD.

바로 가기

[CVE-2021-1879] Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability

CISA KEV 정보

NVD 상세 정보

참조

IT 도구 서랍