CVE-2021-1844
moderate-risk
Published 2021-04-02
A memory corruption issue was addressed with improved validation. This issue is fixed in iOS 14.4.1 and iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, macOS Big Sur 11.2.3. Processing maliciously crafted web content may lead to arbitrary code execution.
Do I need to act?
~
1.4% chance of exploitation in next 30 days
EPSS score — moderate exploit probability
-
Not on CISA KEV list
No confirmed active exploitation reported to CISA
?
Patch status unknown
Check vendor advisories for fix availability and mitigation guidance
8
CVSS 8.8/10
High
NETWORK
/ LOW complexity
Affected Vendors
References (16)
Mailing List
http://seclists.org/fulldisclosure/2021/Apr/55
Vendor Advisory
https://support.apple.com/en-us/HT212220
Vendor Advisory
https://support.apple.com/en-us/HT212221
Vendor Advisory
https://support.apple.com/en-us/HT212222
Vendor Advisory
https://support.apple.com/en-us/HT212223
Vendor Advisory
https://support.apple.com/kb/HT212323
Third Party Advisory
https://www.debian.org/security/2021/dsa-4923
Mailing List
http://seclists.org/fulldisclosure/2021/Apr/55
Vendor Advisory
https://support.apple.com/en-us/HT212220
Vendor Advisory
https://support.apple.com/en-us/HT212221
Vendor Advisory
https://support.apple.com/en-us/HT212222
Vendor Advisory
https://support.apple.com/en-us/HT212223
Vendor Advisory
https://support.apple.com/kb/HT212323
Third Party Advisory
https://www.debian.org/security/2021/dsa-4923
48
/ 100
moderate-risk
Severity
30/34 · Critical
Exploitability
4/34 · Minimal
Exposure
14/34 · Moderate