Search for vulnerabilities
Vulnerability details: VCID-8hz7-9fc4-13by
Vulnerability ID VCID-8hz7-9fc4-13by
Aliases CVE-2021-1870
Summary A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Status Published
Exploitability 2.0
Weighted Severity 8.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1870.json
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00494 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
cvssv3.1 9.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 9.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
ssvc Act https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
cvssv3.1 9.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
ssvc Act https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1870
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1870
archlinux High https://security.archlinux.org/AVG-1721
archlinux High https://security.archlinux.org/AVG-1722
cvssv3.1 9.8 https://security.gentoo.org/glsa/202104-03
ssvc Act https://security.gentoo.org/glsa/202104-03
cvssv3.1 9.8 https://support.apple.com/en-us/HT212146
ssvc Act https://support.apple.com/en-us/HT212146
cvssv3.1 9.8 https://support.apple.com/en-us/HT212147
ssvc Act https://support.apple.com/en-us/HT212147
Reference id Reference type URL
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1870.json
https://api.first.org/data/v1/epss?cve=CVE-2021-1870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1801
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21806
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
1944350 https://bugzilla.redhat.com/show_bug.cgi?id=1944350
202104-03 https://security.gentoo.org/glsa/202104-03
ASA-202103-24 https://security.archlinux.org/ASA-202103-24
ASA-202103-25 https://security.archlinux.org/ASA-202103-25
AVG-1721 https://security.archlinux.org/AVG-1721
AVG-1722 https://security.archlinux.org/AVG-1722
cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
CVE-2021-1870 https://nvd.nist.gov/vuln/detail/CVE-2021-1870
HT212146 https://support.apple.com/en-us/HT212146
HT212147 https://support.apple.com/en-us/HT212147
JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
RHSA-2021:4381 https://access.redhat.com/errata/RHSA-2021:4381
RHSA-2025:10364 https://access.redhat.com/errata/RHSA-2025:10364
USN-4894-1 https://usn.ubuntu.com/4894-1/
Data source KEV
Date added Nov. 3, 2021
Description Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required action Apply updates per vendor instructions.
Due date Nov. 17, 2021
Note
https://nvd.nist.gov/vuln/detail/CVE-2021-1870
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1870.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none


Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:34:00Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none


Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:34:00Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-1870
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-1870
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202104-03
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none


Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:34:00Z/ Found at https://security.gentoo.org/glsa/202104-03
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212146
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none


Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:34:00Z/ Found at https://support.apple.com/en-us/HT212146
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212147
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none


Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:34:00Z/ Found at https://support.apple.com/en-us/HT212147
Exploit Prediction Scoring System (EPSS)
Percentile 0.64711
EPSS Score 0.00494
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:41:12.802530+00:00 Ubuntu USN Importer Import https://usn.ubuntu.com/4894-1/ 37.0.0