CVE-2021-1789: 
NixOS vulnerability analysis and mitigation

A type confusion vulnerability (CVE-2021-1789) was discovered in WebKit, affecting multiple Apple operating systems including macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, and Safari 14.0.3. The vulnerability was discovered by @S0rryMybad of 360 Vulcan Team and was disclosed in January 2021 (Apple Support).

The vulnerability is a type confusion issue in WebKit that was addressed with improved state handling. Type confusion vulnerabilities typically occur when a program accesses a resource using a type that's incompatible with what the resource actually is, which can lead to out-of-bounds memory access. The vulnerability has been assigned a CVSS v3.1 base score of 8.8 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H (NVD).

When exploited, this vulnerability could allow processing of maliciously crafted web content to lead to arbitrary code execution. This means an attacker could potentially execute unauthorized code on affected systems, compromising the security of the device (Apple Support, Gentoo Security).

Apple has released patches for this vulnerability across multiple platforms. Users should update to macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, tvOS 14.4, watchOS 7.3, iOS 14.4 and iPadOS 14.4, or Safari 14.0.3 depending on their device. For WebKitGTK users, updating to version 2.30.6 or later is recommended (Gentoo Security).