CVE-2021-1765

moderate-risk

Published 2021-04-02

This issue was addressed with improved iframe sandbox enforcement. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave. Maliciously crafted web content may violate iframe sandboxing policy.

Do I need to act?

-

0.08% chance of exploitation

EPSS score — low exploit probability

-

Not on CISA KEV list

No confirmed active exploitation reported to CISA

?

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

6

CVSS 6.5/10 Medium

NETWORK / LOW complexity

Affected Products (20)

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Mac Os X

Macos

Fedora

Fedora

Affected Vendors

Apple Fedoraproject Webkitgtk

References (8)

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Third Party Advisory https://security.gentoo.org/glsa/202104-03

Release Notes https://support.apple.com/en-us/HT212147

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedorapro...

Third Party Advisory https://security.gentoo.org/glsa/202104-03

Release Notes https://support.apple.com/en-us/HT212147

44

/ 100

moderate-risk

Severity 24/34 · High

Exploitability 0/34 · Minimal

Exposure 20/34 · Moderate