Memory Handling Issue in iTunes and Multiple Apple Products
CVE-2021-1857

6.5MEDIUM

Key Information:

Vendor
Apple
Status
iOS And iPad OS
Itunes For Windows
Icloud For Windows
TV OS
Vendor
CVE Published:
8 September 2021

Summary

A memory handling flaw allows for potential disclosure of sensitive user information when maliciously crafted web content is processed in affected Apple products. The issue has been addressed in several updates, ensuring enhanced memory management to prevent exploitation.

Affected Version(s)

iCloud for Windows < 12.3

iOS and iPadOS < 14.5

iTunes for Windows < 12.11

References

https://support.apple.com/en-us/HT212317
x_refsource_MISC
https://support.apple.com/en-us/HT212323
x_refsource_MISC
https://support.apple.com/en-us/HT212324
x_refsource_MISC

CVSS V3.1

Score:
6.5
Severity:
MEDIUM
Confidentiality:
High
Integrity:
None
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
Required
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.