CVE-2021-1855: 
macOS vulnerability analysis and mitigation

CVE-2021-1855 is a security vulnerability discovered in Safari browser that affects macOS Big Sur versions prior to 11.3. The vulnerability was disclosed and patched by Apple in April 2021. The issue affects Safari's favicon handling functionality, where a logic issue in state management could allow malicious websites to manipulate network connections (Apple Support).

The vulnerability stems from a logic issue in Safari's state management system specifically related to favicon handling. The issue was addressed by Apple through improved state management implementation. The vulnerability has been assigned a CVSS v3.1 base score of 6.5 (MEDIUM) with a vector string of CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N, indicating network accessibility with low attack complexity and no privileges required (NVD).

When exploited, this vulnerability allows malicious websites to force unnecessary network connections to fetch their favicons. This could potentially lead to network resource consumption and potential tracking of user behavior through network connection patterns (Apple Support).

Apple has addressed this vulnerability in macOS Big Sur 11.3. Users are advised to update their systems to this version or later to receive the security fix. The fix implements improved state management to prevent malicious websites from forcing unnecessary favicon network connections (Apple Support).

The vulnerability was discovered and reported by Håvard Mikkelsen Ottestad of HASMAC AS (Apple Support).