Main Vulnerability Database Vulnerabilities #VU52682

Use-after-free in Apple iOS and iPadOS - CVE-2021-1864

Published: April 28, 2021

Vulnerability identifier: #VU52682

CSH Severity: High

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2021-1864

CWE-ID: CWE-416

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Apple iOS
iPadOS

Software vendor:
Apple Inc.

Description

The vulnerability allows a remote attacker to compromise vulnerable system.

The vulnerability exists due to a use-after-free error when processing JavaScript in iTunes Store. A remote attacker can use a specially crafted JavaScript to trigger use-after-free error and execute arbitrary code on the system.

Successful exploitation of the vulnerability may allow an attacker to compromise vulnerable system.

Remediation

Install updates from vendor's website.

External links

https://support.apple.com/en-us/HT212317

Use-after-free in Apple iOS and iPadOS - CVE-2021-1864

Description

Remediation

External links

Please verify you're human