#VU52700 Information disclosure in Apple iOS and iPadOS - CVE-2021-1865
Published: April 28, 2021
Vulnerability identifier: #VU52700
Vulnerability risk: Low
CVSSv4.0: CVSS:4.0/AV:P/AC:L/AT:N/PR:N/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Clear
CVE-ID: CVE-2021-1865
CWE-ID: CWE-200
Exploitation vector: Local access
Exploit availability:
No public exploit available
Vulnerable software:
Apple iOS
iPadOS
Apple iOS
iPadOS
Software vendor:
Apple Inc.
Apple Inc.
Description
The vulnerability allows a local user to gain access to potentially sensitive information.
The vulnerability exists in the Password Manager component that allows to view user's passwords on screen. An attacker with physical proximity to the device can eavesdrop on victim's passwords.
Remediation
Install updates from vendor's website.