Home

CVE-2021-1857

Description

A memory initialization issue was addressed with improved memory handling. This issue is fixed in iTunes 12.11.3 for Windows, Security Update 2021-002 Catalina, Security Update 2021-003 Mojave, iCloud for Windows 12.3, macOS Big Sur 11.3, watchOS 7.4, tvOS 14.5, iOS 14.5 and iPadOS 14.5. Processing maliciously crafted web content may disclose sensitive user information.

Risk Information

Base Score
6.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N
EPSS Score
Exploitation Probability
0.605

Associated Vulnerability

VulnerabilityOS Platform
Vulnerabilities CVE-2021-1857,CVE-2021-1811,CVE-2021-1825,CVE-2020-7463 are fixed in iCloud 12.3Windows
Vulnerabilities CVE-2021-1857,CVE-2021-1811,CVE-2021-1825,CVE-2020-7463 are fixed in Apple iTunes (X64) (12.11.3.17)Windows
Vulnerabilities CVE-2021-1857,CVE-2021-1811,CVE-2021-1825,CVE-2020-7463 are fixed in Apple iTunes (12.11.3.17)Windows
Vulnerabilities CVE-2021-1811,CVE-2021-1825,CVE-2021-1857 are affected in iCloud 12.0-windowsWindows
Vulnerabilities CVE-2020-7463,CVE-2021-1811,CVE-2021-1825,CVE-2021-1857 are affected in Apple iTunes (X64) 12.11.2Windows
Vulnerabilities CVE-2020-7463,CVE-2021-1811,CVE-2021-1825,CVE-2021-1857 are affected in Apple iTunes 12.11.2Windows
Multiple vulnerabilities are fixed in MacOS Big Sur 11.3 - Software UpdateMac
Multiple vulnerabilities are fixed in MacOS Big Sur 11.3.1 - Software UpdateMac
Vulnerabilities CVE-2021-1811,CVE-2021-1825,CVE-2021-1857 are affected in Apple iTunes For Mac 12.11Mac

Patch Details

Click to see the patches provided by ManageEngine for this CVE
Patch IDPatch Description
PATCH-316162iCloud (7.21.0.23) (Deployment-Only)
PATCH-319277Apple iTunes (X64) (12.11.3.17)
PATCH-319276Apple iTunes (12.11.3.17)
PATCH-605752MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064)
PATCH-605752MacOS Big Sur 11.7.10 - Software Update (Force Reboot)(CVE-2023-41064)

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234