Input Validation Flaw in Apple Software Products
CVE-2021-1825

6.1MEDIUM

Key Information:

Vendor
Apple
Status
iOS And iPad OS
Safari
Itunes For Windows
Icloud For Windows
Vendor
CVE Published:
8 September 2021

Summary

An input validation flaw discovered in various Apple software products could lead to cross-site scripting (XSS) attacks. This vulnerability arises from improper handling of maliciously crafted web content, which could potentially be exploited by attackers. Users are urged to update their systems to the latest versions to mitigate the risks associated with this vulnerability.

Affected Version(s)

iCloud for Windows < 12.3

iOS and iPadOS < 14.5

iTunes for Windows < 12.11

References

https://support.apple.com/en-us/HT212317
x_refsource_MISC
https://support.apple.com/en-us/HT212323
x_refsource_MISC
https://support.apple.com/en-us/HT212324
x_refsource_MISC

CVSS V3.1

Score:
6.1
Severity:
MEDIUM
Confidentiality:
Low
Integrity:
Low
Availability:
Low
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.