CVE-2021-1879 — Apple iOS, iPadOS, and watchOS WebKit Cross-Site Scripting (XSS) Vulnerability

2021-11-03 • CISA Known Exploited Vulnerability

[event] Apple iOS, iPadOS, and watchOS WebKit contain an unspecified vulnerability that allows for universal cross-site scripting (XSS) when processing maliciously crafted web content. This vulnerability could impact HTML parsers that use WebKit, including but not limited to Apple Safari and non-Apple products which rely on WebKit for HTML processing.

> AFFECTED SOFTWARE

Field	Value
Vendor	Apple
Product	iOS, iPadOS, and watchOS
CWE	CWE-79
CVE ID	CVE-2021-1879
Date Added	2021-11-03
Due Date	2021-11-17
Ransomware Campaign	Unknown

> MITIGATION

Apply updates per vendor instructions.

Due Date: 2021-11-17

> REFERENCES

[1] https://nvd.nist.gov/vuln/detail/CVE-2021-1879