CVE-2021-1879 – Apple / Multiple – XSS

Summary:

CVE-2021-1879 is a cross-site scripting (XSS) vulnerability impacting multiple versions of Apple watchOS, iOS, and iPadOS. A proof of concept (PoC) was observed in open source and a link to a PoC was shared in the underground. Apple claimed to be aware of the vulnerability being exploited in the wild. Additionally, Google’s Threat Analysis Group (TAG) claimed the vulnerability was used by a Russian government-backed actor to target government officials from western European countries by sending them malicious links via LinkedIn.

PoC Links (if available):

Apple exploitation information –
https://support.apple.com/en-gb/HT212258

Known Counter Measures:

Apple addressed the vulnerability in multiple security advisories with updated versions.

Links to patches (if available):

https://support.apple.com/en-gb/HT212256