Information disclosure in Apple iOS and iPadOS - CVE-2021-1865

 

Information disclosure in Apple iOS and iPadOS - CVE-2021-1865

Published: April 28, 2021


Vulnerability identifier: #VU52700
CSH Severity: Low
CVSS v4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1865
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability: No public exploit available
Vendor: Apple Inc.
Affected software:
Apple iOS
iPadOS

Detailed vulnerability description

The vulnerability allows a local user to gain access to potentially sensitive information.

The vulnerability exists in the Password Manager component that allows to view user's passwords on screen. An attacker with physical proximity to the device can eavesdrop on victim's passwords.


How to mitigate CVE-2021-1865

Install updates from vendor's website.

Sources