Security restrictions bypass in Apple iOS and iPadOS - CVE-2021-1835
Published: April 28, 2021
Vulnerability identifier: #VU52677
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1835
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
Apple iOS
iPadOS
Apple iOS
iPadOS
Detailed vulnerability description
The vulnerability allows a local user to gain access to sensitive information.
The vulnerability exists within the Accessibility feature. An attacker with physical access to device can access notes from the lock screen.
How to mitigate CVE-2021-1835
Install updates from vendor's website.