{"api_version":"1","generated_at":"2026-04-23T00:40:31+00:00","cve":"CVE-2021-1864","urls":{"html":"https://cve.report/CVE-2021-1864","api":"https://cve.report/api/cve/CVE-2021-1864.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2021-1864","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2021-1864"},"summary":{"title":"CVE-2021-1864","description":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code.","state":"PUBLIC","assigner":"product-security@apple.com","published_at":"2021-09-08 15:15:00","updated_at":"2021-09-16 19:28:00"},"problem_types":["CWE-416"],"metrics":[],"references":[{"url":"https://support.apple.com/en-us/HT212324","name":"https://support.apple.com/en-us/HT212324","refsource":"MISC","tags":[],"title":"About the security content of watchOS 7.4 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT212323","name":"https://support.apple.com/en-us/HT212323","refsource":"MISC","tags":[],"title":"About the security content of tvOS 14.5 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://support.apple.com/en-us/HT212317","name":"https://support.apple.com/en-us/HT212317","refsource":"MISC","tags":[],"title":"About the security content of iOS 14.5 and iPadOS 14.5 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://www.cve.org/CVERecord?id=CVE-2021-1864","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2021-1864","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2021","cve_id":"1864","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"ipados","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"1864","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"iphone_os","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"1864","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"tvos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2021","cve_id":"1864","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"apple","cpe5":"watchos","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2021-1864","qid":"610334","title":"Apple iOS 14.5 and iPadOS 14.5 Security Update Missing (HT212317)"}]},"source_records":{"cve_program":{"data_type":"CVE","data_format":"MITRE","data_version":"4.0","CVE_data_meta":{"ID":"CVE-2021-1864","ASSIGNER":"product-security@apple.com","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"vendor_name":"Apple","product":{"product_data":[{"product_name":"iOS and iPadOS","version":{"version_data":[{"version_affected":"<","version_value":"14.5"}]}},{"product_name":"tvOS","version":{"version_data":[{"version_affected":"<","version_value":"14.5"}]}},{"product_name":"watchOS","version":{"version_data":[{"version_affected":"<","version_value":"7.4"}]}}]}}]}},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"An attacker with JavaScript execution may be able to execute arbitrary code"}]}]},"references":{"reference_data":[{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212317","name":"https://support.apple.com/en-us/HT212317"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212323","name":"https://support.apple.com/en-us/HT212323"},{"refsource":"MISC","url":"https://support.apple.com/en-us/HT212324","name":"https://support.apple.com/en-us/HT212324"}]},"description":{"description_data":[{"lang":"eng","value":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code."}]}},"nvd":{"publishedDate":"2021-09-08 15:15:00","lastModifiedDate":"2021-09-16 19:28:00","problem_types":["CWE-416"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH","baseScore":9.8,"baseSeverity":"CRITICAL"},"exploitabilityScore":3.9,"impactScore":5.9},"baseMetricV2":{"cvssV2":{"version":"2.0","vectorString":"AV:N/AC:L/Au:N/C:P/I:P/A:P","accessVector":"NETWORK","accessComplexity":"LOW","authentication":"NONE","confidentialityImpact":"PARTIAL","integrityImpact":"PARTIAL","availabilityImpact":"PARTIAL","baseScore":7.5},"severity":"HIGH","exploitabilityScore":10,"impactScore":6.4,"acInsufInfo":false,"obtainAllPrivilege":false,"obtainUserPrivilege":false,"obtainOtherPrivilege":false,"userInteractionRequired":false}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:iphone_os:*:*:*:*:*:*:*:*","versionEndExcluding":"14.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:tvos:*:*:*:*:*:*:*:*","versionEndExcluding":"14.5","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:watchos:*:*:*:*:*:*:*:*","versionEndExcluding":"7.4","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:apple:ipados:*:*:*:*:*:*:*:*","versionEndExcluding":"14.5","cpe_name":[]}]}]}},"legacy_mitre":{"record":{"CveYear":"2021","CveId":"1864","Ordinal":"192953","Title":"CVE-2021-1864","CVE":"CVE-2021-1864","Year":"2021"},"notes":[{"CveYear":"2021","CveId":"1864","Ordinal":"1","NoteData":"A use after free issue was addressed with improved memory management. This issue is fixed in iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5. An attacker with JavaScript execution may be able to execute arbitrary code.","Type":"Description","Title":null},{"CveYear":"2021","CveId":"1864","Ordinal":"2","NoteData":"2021-09-08","Type":"Other","Title":"Published"},{"CveYear":"2021","CveId":"1864","Ordinal":"3","NoteData":"2021-09-08","Type":"Other","Title":"Modified"}]}}}