CVE-2021-1879

CVE Database · CVE-2021-1879

CVE-2021-1879

· MEDIUMAnalyzed

CVSS v3.1

6.1

EPSS

7.08%

Published

Apr 2, 2021

Modified

Oct 23, 2025

CISA Known Exploited Vulnerability

Added: 2021-11-03 · Due: 2021-11-17

Apply updates per vendor instructions.

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited..

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N

Weaknesses (CWE)

CWE-79CWE-79

Affected Products (4)

apple · ipados (up to 14.4.2)vulnerable

apple · iphone_os (up to 12.5.2)vulnerable

apple · iphone_os (up to 14.4.2)vulnerable

apple · watchos (up to 7.3.3)vulnerable

References (7)

https://support.apple.com/en-us/HT212256

Release NotesVendor Advisory