Universal XSS in Apple iOS

Published: 2021-03-26 | Updated: 2021-03-30
Risk: High
Patch available: YES
Number of vulnerabilities: 1
CVE ID: CVE-2021-1879
Exploitation vector: Network
Public exploit: This vulnerability is being exploited in the wild.
Vulnerable software: Apple iOS (Operating systems & Components / Operating system)
Vendor: Apple Inc.

Security Advisory

Updated: 30.03.2021

Updated list of affected versions.

1) Universal cross-site scripting

Risk: High

CVSSv3.1: 5.8 [CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:L/I:L/A:N/E:H/RL:O/RC:C] [PCI]

CVE-ID: CVE-2021-1879

CWE-ID: CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')

Exploit availability: No


The disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.

The vulnerability exists due to insufficient sanitization of user-supplied data within the WebKit engine. A remote attacker can trick the victim into following a specially crafted link and execute arbitrary HTML and script code in the user's browser in the context of an arbitrary website.

Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change the appearance of the web page, and perform phishing and drive-by-download attacks.

Note that the vulnerability is being actively exploited in the wild.


Install the update from the vendor's website.

Vulnerable software versions

Apple iOS: 12.0 16A366, 12.0.1 16A404, 12.1 16B92, 12.1.1 16C50, 12.1.2 16C101, 12.1.3 16D39, 12.1.3 16D40, 12.1.4 16D57, 12.2 16E227, 12.3 16F156, 12.3 16F8155, 12.3.1 16F203, 12.3.1 16F8202, 12.3.2 16F250, 12.4 16G77, 12.4.1 16G102, 12.4.2 16G114, 12.4.3 16G130, 12.4.4 16G140, 12.4.5 16G161, 12.4.6 16G183, 12.4.7 16G192, 12.4.8 16G201, 12.4.9 16H5, 12.5 16H20, 12.5.1 16H22, 13.0 17A577, 13.1 17A844, 13.1.1 17A854, 13.1.2 17A860, 13.1.2 17A861, 13.1.3 17A878, 13.2 17B84, 13.2.1 17B90, 13.2.2 17B102, 13.2.3 17B111, 13.3 17C54, 13.3.1 17D50, 13.4 17E255, 13.4 17E8255, 13.4.1 17E262, 13.4.1 17E8258, 13.5 17F75, 13.5.1 17F80, 13.6 17G68, 13.6.1 17G80, 13.7 17H35, 14.0 18A373, 14.0.1 18A393, 14.1 18A8395, 14.2 18B92, 14.2 18B111, 14.2.1 18B121, 14.3 18C66, 14.4 18D52, 14.4.1 18D61

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

Yes. This vulnerability is being exploited in the wild.