Security restrictions bypass in Apple iOS and iPadOS - CVE-2021-1835

 

Security restrictions bypass in Apple iOS and iPadOS - CVE-2021-1835

Published: April 28, 2021


Vulnerability identifier: #VU52677
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1835
CWE-ID: CWE-264
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Apple Inc.
Affected software:
Apple iOS
iPadOS

Detailed vulnerability description

The vulnerability allows a local user to gain access to sensitive information.

The vulnerability exists within the Accessibility feature. An attacker with physical access to device can access notes from the lock screen.


How to mitigate CVE-2021-1835

Install updates from vendor's website.

Sources