Information disclosure in Apple iOS and iPadOS - CVE-2021-1865
Published: April 28, 2021
Vulnerability identifier: #VU52700
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1865
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vendor: Apple Inc.
Affected software:
Apple iOS
iPadOS
Apple iOS
iPadOS
Detailed vulnerability description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in the Password Manager component that allows to view user's passwords on screen. An attacker with physical proximity to the device can eavesdrop on victim's passwords.
How to mitigate CVE-2021-1865
Install updates from vendor's website.