Search for vulnerabilities
Vulnerability details: VCID-pcwx-5bj1-aaak
Vulnerability ID VCID-pcwx-5bj1-aaak
Aliases CVE-2021-1870
Summary A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
Status Published
Exploitability 2.0
Weighted Severity 8.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
CWE-20 Improper Input Validation
System Score Found at
generic_textual Medium http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1870.html
rhas Moderate https://access.redhat.com/errata/RHSA-2021:4381
cvssv3 9.8 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1870.json
epss 0.00504 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00504 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00547 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.00576 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.01702 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.01702 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.01702 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.01702 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.01702 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.01702 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.01702 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.01702 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.01702 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.01702 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.01702 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.01903 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.01903 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.01903 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
epss 0.03095 https://api.first.org/data/v1/epss?cve=CVE-2021-1870
rhbs medium https://bugzilla.redhat.com/show_bug.cgi?id=1944350
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27918
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29623
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1765
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1789
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1799
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1801
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1870
generic_textual Medium https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21806
cvssv3.1 9.8 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 9.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
ssvc Act https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
cvssv3.1 9.8 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
ssvc Act https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2021-1870
cvssv3 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1870
cvssv3.1 9.8 https://nvd.nist.gov/vuln/detail/CVE-2021-1870
archlinux High https://security.archlinux.org/AVG-1721
archlinux High https://security.archlinux.org/AVG-1722
cvssv3.1 9.8 https://security.gentoo.org/glsa/202104-03
ssvc Act https://security.gentoo.org/glsa/202104-03
cvssv3.1 9.8 https://support.apple.com/en-us/HT212146
ssvc Act https://support.apple.com/en-us/HT212146
ssvc Act https://support.apple.com/en-us/HT212147
ssvc Act https://support.apple.com/en-us/HT212147
generic_textual Medium https://ubuntu.com/security/notices/USN-4894-1
generic_textual Medium https://webkitgtk.org/security/WSA-2021-0002.html
Reference id Reference type URL
http://people.canonical.com/~ubuntu-security/cve/2021/CVE-2021-1870.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1870.json
https://api.first.org/data/v1/epss?cve=CVE-2021-1870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-27918
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-29623
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1765
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1789
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1799
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1801
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-1870
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-21806
https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
https://security.gentoo.org/glsa/202104-03
https://support.apple.com/en-us/HT212146
https://support.apple.com/en-us/HT212147
https://ubuntu.com/security/notices/USN-4894-1
https://webkitgtk.org/security/WSA-2021-0002.html
1944350 https://bugzilla.redhat.com/show_bug.cgi?id=1944350
ASA-202103-24 https://security.archlinux.org/ASA-202103-24
ASA-202103-25 https://security.archlinux.org/ASA-202103-25
AVG-1721 https://security.archlinux.org/AVG-1721
AVG-1722 https://security.archlinux.org/AVG-1722
cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:webkitgtk:webkitgtk:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipad_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:macos:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:-:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:security_update_2020-001:*:*:*:*:*:*
cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:apple:mac_os_x:10.15.7:supplemental_update:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
CVE-2021-1870 https://nvd.nist.gov/vuln/detail/CVE-2021-1870
RHSA-2021:4381 https://access.redhat.com/errata/RHSA-2021:4381
USN-4894-1 https://usn.ubuntu.com/4894-1/
Data source KEV
Date added Nov. 3, 2021
Description Apple iOS, iPadOS, and macOS WebKit contain an unspecified logic vulnerability that allows a remote attacker to execute code. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.
Required action Apply updates per vendor instructions.
Due date Nov. 17, 2021
Note 
https://nvd.nist.gov/vuln/detail/CVE-2021-1870
Ransomware campaign use Unknown
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2021-1870.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:34:00Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:34:00Z/ Found at https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2021-1870
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-1870
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2021-1870
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://security.gentoo.org/glsa/202104-03
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:34:00Z/ Found at https://security.gentoo.org/glsa/202104-03
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://support.apple.com/en-us/HT212146
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:34:00Z/ Found at https://support.apple.com/en-us/HT212146
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:34:00Z/ Found at https://support.apple.com/en-us/HT212147
Vector: SSVCv2/E:A/A:Y/T:T/P:M/B:A/M:M/D:C/2025-01-29T17:34:00Z/ Found at https://support.apple.com/en-us/HT212147
Exploit Prediction Scoring System (EPSS)
Percentile 0.65058
EPSS Score 0.00504
Published At June 14, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
There are no relevant records.