CVE-2021-1870

Published: 4/2/2021 Last updated: 1/29/2025 Reserved: 12/8/2020

A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, iOS 14.4 and iPadOS 14.4. A remote attacker may be able to cause arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited..

CNA assigner: apple (286789f9-fbc2-4510-9f9a-43facdede74c) Requested by: n/a

Metrics

Version	Score	Severity	Vector String
3.1	9.8	Critical	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Opam packages affected (1)

javascriptcore

Products affected (2)

Product	Vendor	Version
iOS and iPadOS	Apple	QCA6574A
macOS	Apple	5.7.7

References (10)

https://support.apple.com/en-us/HT212147
https://support.apple.com/en-us/HT212146
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
https://security.gentoo.org/glsa/202104-03
https://support.apple.com/en-us/HT212147
https://support.apple.com/en-us/HT212146
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/L3L6ZZOU5JS7E3RFYGLP7UFLXCG7TNLU/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JN6ZOD62CTO54CHTMJTHVEF6R2Y532TJ/
https://security.gentoo.org/glsa/202104-03