← back
CVE-2021-1870

CVE-2021-1870

CVSS 9.8 CRITICALEPSS 7.9%● KEV
In short

A logic flaw in Apple's security allowed attackers to run malicious code remotely on affected devices. This was a critical vulnerability actively exploited in the wild, affecting iPhones, iPads, and Mac computers.

Technical detail

A logic issue in Apple's OS kernel or system component allowed remote code execution without user interaction or authentication. The vulnerability was patched across macOS Big Sur 11.2, Catalina, Mojave, iOS 14.4, and iPadOS 14.4, with evidence of active exploitation in the threat landscape.

Summary generated and translated by AI from the official description.
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Affected products
Apple · iOS and iPadOSApple · macOS

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/https://security.gentoo.org/glsa/202104-03https://support.apple.com/en-us/HT212146https://support.apple.com/en-us/HT212147https://www.cisa.gov/known-exploited-vulnerabilities-catalog?field_cve=CVE-2021-1870