CVE-2021-1864

A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code.

CVSS v3 9.8 CRITICAL
CVSS v2.0 7.5 HIGH

9.8^/10

CVSS v3 : CRITICAL

Vector :

Exploitability : 3.9 / Impact : 5.9

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact HIGH

Scope UNCHANGED

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
https://support.apple.com/en-us/HT212317	Vendor Advisory
https://support.apple.com/en-us/HT212323	Vendor Advisory
https://support.apple.com/en-us/HT212324	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:o:apple:ipados::::::::
	cpe:2.3:o:apple:iphone_os::::::::
	cpe:2.3:o:apple:tvos::::::::
	cpe:2.3:o:apple:watchos::::::::

History

16 Sep 2021, 19:28

Type	Values Removed	Values Added
CPE		cpe:2.3:o:apple:ipados:::::::: cpe:2.3:o:apple:watchos:::::::: cpe:2.3:o:apple:iphone_os:::::::: cpe:2.3:o:apple:tvos::::::::
CWE		CWE-416
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : 7.5 v3 : 9.8
References	~~(MISC) https://support.apple.com/en-us/HT212324 -~~	(MISC) https://support.apple.com/en-us/HT212324 - Vendor Advisory
References	~~(MISC) https://support.apple.com/en-us/HT212323 -~~	(MISC) https://support.apple.com/en-us/HT212323 - Vendor Advisory
References	~~(MISC) https://support.apple.com/en-us/HT212317 -~~	(MISC) https://support.apple.com/en-us/HT212317 - Vendor Advisory

08 Sep 2021, 15:30

Type	Values Removed	Values Added
New CVE

Information

Published : 2021-09-08 15:15

Updated : 2023-12-10 14:09

NVD link : CVE-2021-1864

Mitre link : CVE-2021-1864

CVE.ORG link : CVE-2021-1864

JSON object : View

Products Affected

apple

tvos
iphone_os
watchos
ipados

CWE

CWE-416

Use After Free

{"id": "CVE-2021-1864", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.8, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 3.9}]}, "published": "2021-09-08T15:15:11.810", "references": [{"url": "https://support.apple.com/en-us/HT212317", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT212323", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}, {"url": "https://support.apple.com/en-us/HT212324", "tags": ["Vendor Advisory"], "source": "product-security@apple.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-416"}]}], "descriptions": [{"lang": "en", "value": "A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code."}, {"lang": "es", "value": "Se abord\u00f3 un problema de uso de memoria previamente liberada con una administraci\u00f3n de memoria mejorada. Este problema se corrigi\u00f3 en iOS versi\u00f3n 14.5 e iPadOS versi\u00f3n 14.5, watchOS versi\u00f3n 7.4, tvOS versi\u00f3n 14.5. Un atacante con ejecuci\u00f3n de JavaScript puede ser capaz de ejecutar c\u00f3digo arbitrario"}], "lastModified": "2021-09-16T19:28:31.097", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3EAAE2C1-EF21-4567-99F1-335D1EF955D1", "versionEndExcluding": "14.5"}, {"criteria": "cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C1E12568-6F17-458F-8216-3D6DBC8F6DEE", "versionEndExcluding": "14.5"}, {"criteria": "cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D5B77841-F161-47AB-8043-3E0346E3AA25", "versionEndExcluding": "14.5"}, {"criteria": "cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "CFFFE00C-0AA6-4F60-ABF4-E68877BFD8F8", "versionEndExcluding": "7.4"}], "operator": "OR"}]}], "sourceIdentifier": "product-security@apple.com"}