High

Memory Corruption in WebKit (CVE-2021-1844)

Identifiers: CVE-2021-1844, CWE-119

CVE-2021-1844 is a memory corruption vulnerability in WebKit, the browser engine used by Safari and other Apple products. The vulnerability arises from insufficient validation when processing web content, which can lead to memory corruption. An attacker can exploit this issue by tricking a user into visiting a maliciously crafted web page, potentially leading to arbitrary code execution within the context of the affected application. The vulnerability affects iOS, iPadOS, macOS, and watchOS prior to the patched versions.

ANALYST BRIEF

Impact, mitigation & remediation

What it means. What to do now. Patch path, mitigations, and the assume-compromise checklist.

Impact

What an attacker gets, and what they’ve been doing with it.

Successful exploitation of this vulnerability allows remote attackers to execute arbitrary code on the target device by enticing the victim to process malicious web content. This can result in full compromise of the affected device, including theft of sensitive data, installation of further malware, or persistent access. The vulnerability is particularly critical in the context of targeted attacks by advanced threat actors, such as those deploying spyware like Candiru's DevilsTongue, which has a history of leveraging WebKit vulnerabilities for initial access.

Mitigation

If you can’t patch tonight, do this now.

In addition to applying the official patches, users should avoid visiting untrusted websites and be cautious when clicking on links from unknown sources. Organizations should implement web content filtering and monitor for signs of exploitation. Where possible, enable security features such as sandboxing and restrict the use of vulnerable browsers until patched.

Remediation

Patch, then assume compromise.

The vulnerability is remediated by updating to iOS 14.4.1, iPadOS 14.4.1, Safari 14.0.3 (v. 14610.4.3.1.7 and 15610.4.3.1.7), watchOS 7.3.2, or macOS Big Sur 11.2.3. Users and administrators should ensure all Apple devices and browsers are updated to these or later versions to mitigate the risk.

PUBLIC EXPLOITS

Exploits

No public exploits tracked yet. Mallory keeps watching.

No public exploit code observed for this vulnerability.

EXPOSURE SURFACE

Affected products & vendors

Products and vendors Mallory has correlated with this vulnerability. Open in Mallory to drill down to specific CPE configurations and version ranges.

Vendor          Product       Type
Apple           Ipados        operating_system
Apple           Iphone Os     operating_system
Apple           Macos         operating_system
Apple           Safari        application
Apple           Tvos          operating_system
Apple           Watchos       operating_system
Debian          Debian Linux  operating_system
Fedora Project  Fedora        operating_system

Vendor-confirmed product mapping. Mallory continuously reconciles this list against your asset inventory.
