HTTP: Use-After-Free in QuickTimePluginReplacement

This signature detects attempts to exploit a known vulnerability in Apple WebKit's QuickTimePluginReplacement. A successful attack can lead to arbitrary code execution.

Extended Description

This issue was addressed by improved management of object lifetimes. This issue is fixed in iOS 12.5.2, iOS 14.4.2 and iPadOS 14.4.2, watchOS 7.3.3. Processing maliciously crafted web content may lead to universal cross site scripting. Apple is aware of a report that this issue may have been actively exploited.

Affected Products

Apple ipados

Short Name
HTTP:STC:SAFARI:QUCKTMEPLGN-UAF
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
CVE-2021-1879 QuickTimePluginReplacement Use-After-Free in
Release Date
08/02/2021
Supported Platforms

srx-branch-12.3

srx-19.3

srx-branch-19.3

vsrx3bsd-19.2

srx-branch-19.4

vsrx-19.4

mx-12.3

mx-19.4

vmx-19.4

mx-19.3

vsrx3bsd-19.4

srx-19.4

vsrx-12.3

vmx-19.3

vsrx-19.2

srx-12.3

Sigpack Version
3590
False Positive
Unknown
Vendors

Apple

CVSS Score

4.3
