Memory Handling Issue in iTunes and Multiple Apple Products
CVE-2021-1857

6.5MEDIUM

Key Information:

Vendor: Apple
Status: iOS And iPad OS; Itunes For Windows; Icloud For Windows; TV OS
Vendor: CVE Published:; 8 September 2021

🔔 Create Apple Vulnerability Alert

What is CVE-2021-1857?

A memory handling flaw allows for potential disclosure of sensitive user information when maliciously crafted web content is processed in affected Apple products. The issue has been addressed in several updates, ensuring enhanced memory management to prevent exploitation.

Affected Version(s)

iCloud for Windows < 12.3

iOS and iPadOS < 14.5

iTunes for Windows < 12.11

References

https://support.apple.com/en-us/HT212317

x_refsource_MISC

https://support.apple.com/en-us/HT212323

x_refsource_MISC

https://support.apple.com/en-us/HT212324

x_refsource_MISC

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

Required

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Sep 8, 2021
Vulnerability Reserved
Dec 8, 2020

.