Description

A memory corruption issue was addressed with improved memory handling. This issue is fixed in iOS 14.8 and iPadOS 14.8, Safari 15, tvOS 15, iOS 15 and iPadOS 15, watchOS 8. Processing maliciously crafted web content may lead to arbitrary code execution.

Related CPE's

a

apple

safari

Vulnerable

o

apple

ipados

Vulnerable

o

apple

iphone_os

Vulnerable

o

apple

macos

Vulnerable

o

apple

tvos

Vulnerable

o

apple

watchos

Vulnerable

o

debian

debian_linux

2

o

fedoraproject

fedora

2

References

http://seclists.org/fulldisclosure/2021/Oct/60

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2021/Oct/61

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2021/Oct/62

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2021/Oct/63

Mailing ListThird Party Advisory

http://www.openwall.com/lists/oss-security/2021/10/26/9

Mailing List

http://www.openwall.com/lists/oss-security/2021/10/27/1

Mailing List

http://www.openwall.com/lists/oss-security/2021/10/27/2

Mailing List

http://www.openwall.com/lists/oss-security/2021/10/27/4

Mailing List

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/H6MGXCX7P5AHWOQ6IRT477UKT7IS4DAD/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ON5SDVVPVPCAGFPW2GHYATZVZYLPW2L4/

https://support.apple.com/en-us/HT212807

Vendor Advisory

https://support.apple.com/en-us/HT212814

Vendor Advisory

https://support.apple.com/en-us/HT212815

Vendor Advisory

https://support.apple.com/en-us/HT212816

Vendor Advisory

https://support.apple.com/en-us/HT212819

Vendor Advisory

https://support.apple.com/kb/HT212869

Vendor Advisory

https://www.debian.org/security/2021/dsa-4995

Third Party Advisory

https://www.debian.org/security/2021/dsa-4996

Third Party Advisory

Weaknesses

[email protected]

Primary
CWE-787

CVSS impact metrics

CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

7.8 · High

  • CVSS V3.1

  • CVSS V3.0

  • CVSS V2.0

Information

Source identifier

[email protected]

Vulnerability status

Modified

Published

2021-10-19T14:15:09.617

3 years ago

Last modified

2023-11-07T03:33:31.383

1 year ago