CVE-2021-1801: 
NixOS vulnerability analysis and mitigation

CVE-2021-1801 is a security vulnerability discovered in WebKit, affecting multiple Apple operating systems including macOS Big Sur, iOS 14.4, iPadOS 14.4, watchOS 7.3, and tvOS 14.4. The vulnerability was disclosed and patched in January 2021. The issue involves improper iframe sandbox enforcement that could allow maliciously crafted web content to violate iframe sandboxing policy (Apple HT212146, Apple HT212147).

The vulnerability is related to iframe sandbox enforcement in WebKit. The issue was addressed with improved iframe sandbox enforcement mechanisms. The vulnerability has been assigned a CVSS v3.1 Base Score of 6.5 (MEDIUM) with a vector of CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:N, indicating it is network exploitable, requires low attack complexity, and no privileges, but does require user interaction (NVD).

When successfully exploited, this vulnerability allows maliciously crafted web content to bypass iframe sandboxing policies. This could potentially lead to security policy violations and compromise of the intended isolation between web content (Apple HT212146, Gentoo Security).

Apple addressed this vulnerability in multiple OS updates: macOS Big Sur 11.2, Security Update 2021-001 Catalina, Security Update 2021-001 Mojave, watchOS 7.3, tvOS 14.4, iOS 14.4 and iPadOS 14.4. Users should update their devices to these versions or later to mitigate the vulnerability. For WebKitGTK users, updating to version 2.30.6 or later is recommended (Apple HT212146, Apple HT212147).