CVE-2021-1789

8.8 HIGH

📋 TL;DR

CVE-2021-1789 is a type confusion vulnerability in Apple's WebKit browser engine that allows arbitrary code execution when processing malicious web content. Attackers can exploit this by tricking users into visiting specially crafted websites, potentially taking full control of affected devices. This affects macOS, iOS, iPadOS, tvOS, watchOS, and Safari users on vulnerable versions.

💻 Affected Systems

Products:
  • Safari
  • WebKit
  • iOS
  • iPadOS
  • macOS
  • tvOS
  • watchOS
Versions: Before macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4, iPadOS 14.4, Safari 14.0.3
Operating Systems: macOS, iOS, iPadOS, tvOS, watchOS
Default Config Vulnerable: ⚠️ Yes
Notes: All default configurations of affected Apple operating systems and Safari browser are vulnerable.

📦 What is this software?

macOS by Apple

macOS is Apple's desktop and laptop operating system powering Mac computers used by millions of professionals, developers, creative professionals, and enterprise users worldwide. Built on a Unix foundation with the Darwin kernel and modern Cocoa frameworks, macOS delivers a seamless ecosystem integr...

⚠️ Risk & Real-World Impact

🔴 Worst Case: Complete system compromise with attacker gaining full control over the device, enabling data theft, ransomware deployment, or persistent backdoor installation.

🟠 Likely Case: Browser-based compromise leading to session hijacking, credential theft, or installation of malware through drive-by download attacks.

🟢 If Mitigated: Limited impact with proper sandboxing and security controls preventing privilege escalation or lateral movement.

🌐 Internet-Facing: HIGH - Exploitation requires only visiting a malicious website, making internet-facing systems highly vulnerable.
🏢 Internal Only: MEDIUM - Internal users could be targeted via phishing or compromised internal websites.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Type confusion vulnerabilities in WebKit are frequently exploited in the wild. While no public PoC exists, similar vulnerabilities have been weaponized for targeted attacks.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4, iPadOS 14.4, Safari 14.0.3

Vendor Advisory: https://support.apple.com/en-us/HT212146

Restart Required: Yes

Instructions:

1. Open System Preferences > Software Update.
2. Install all available updates.
3. Restart the device when prompted.
4. For Safari, update through the App Store or System Preferences.

🔧 Temporary Workarounds

Browser Restrictions

all

Disable JavaScript or use browser extensions to block untrusted websites

Network Filtering

all

Block access to known malicious domains and implement web content filtering

🧯 If You Can't Patch

  • Implement strict web content filtering and block access to untrusted websites
  • Use application whitelisting to prevent unauthorized code execution

🔍 How to Verify

Check if Vulnerable:

Check system version:

  • macOS: About This Mac
  • iOS/iPadOS: Settings > General > About
  • Safari: Safari > About Safari

Check Version:

  • macOS: sw_vers
  • iOS: Settings > General > About
  • Safari: defaults read /Applications/Safari.app/Contents/Info.plist CFBundleShortVersionString

Verify Fix Applied:

Verify system version matches or exceeds patched versions listed in vendor advisory
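
A scripted form of this check, as an added example that is not from the original page or from Apple: it compares a version string with the fixed versions listed in this entry. The function names and the `manual` result are assumptions of this sketch; Security Update 2021-001 leaves the 10.14/10.15 version number unchanged, so Catalina and Mojave hosts have to be confirmed against the vendor advisory instead.

```shell
#!/bin/sh
# Added example (hypothetical helper names), using the fixed versions from this entry.

# version_lt A B: succeed when dotted version A is lower than B.
# Fields are compared numerically (7.10 > 7.3); missing fields count as 0.
version_lt() {
    va=$1; vb=$2
    while [ -n "$va" ] || [ -n "$vb" ]; do
        fa=${va%%.*}; fb=${vb%%.*}
        [ "${fa:-0}" -lt "${fb:-0}" ] && return 0
        [ "${fa:-0}" -gt "${fb:-0}" ] && return 1
        case $va in *.*) va=${va#*.} ;; *) va= ;; esac
        case $vb in *.*) vb=${vb#*.} ;; *) vb= ;; esac
    done
    return 1    # equal versions are not "lower"
}

# cve_2021_1789_status PRODUCT VERSION
# Prints: vulnerable | patched | manual | unknown
cve_2021_1789_status() {
    product=$1; ver=$2
    # Reject empty or non-numeric input (beta tags, build strings).
    case $ver in ''|*[!0-9.]*) echo unknown; return ;; esac
    case $product in
        macos)
            # Mojave/Catalina are fixed by Security Update 2021-001, which the
            # version number does not reveal: flag for manual confirmation.
            case $ver in
                10.14|10.14.*|10.15|10.15.*) echo manual; return ;;
            esac
            fixed=11.2 ;;
        ios|ipados|tvos) fixed=14.4 ;;
        watchos)         fixed=7.3 ;;
        safari)          fixed=14.0.3 ;;
        *) echo unknown; return ;;
    esac
    if version_lt "$ver" "$fixed"; then echo vulnerable; else echo patched; fi
}

# On a Mac, feed in the live values from the commands under "Check Version".
if command -v sw_vers >/dev/null 2>&1; then
    echo "macOS:  $(cve_2021_1789_status macos "$(sw_vers -productVersion)")"
    safari_ver=$(defaults read /Applications/Safari.app/Contents/Info.plist \
        CFBundleShortVersionString 2>/dev/null)
    echo "Safari: $(cve_2021_1789_status safari "$safari_ver")"
fi
```

For iOS, iPadOS, tvOS and watchOS devices, pass the version reported by the device or by an MDM inventory as the second argument.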

📡 Detection & Monitoring

Log Indicators:

  • Unusual Safari/WebKit process crashes
  • Suspicious JavaScript execution patterns
  • Unexpected network connections from browser processes

Network Indicators:

  • Connections to known malicious domains from browser processes
  • Unusual outbound traffic patterns following web browsing

SIEM Query:

(process_name:Safari OR process_name:WebKit) AND (event_type:crash OR suspicious_network_activity)
