CVE-2021-1875: 
macOS vulnerability analysis and mitigation

CVE-2021-1875 is a double free vulnerability discovered in Apple's libxslt library. The issue was disclosed and patched in April 2021 as part of multiple Apple security updates, including iOS 14.5, iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3, Security Update 2021-002 Catalina, and Security Update 2021-003 Mojave. The vulnerability was discovered by OSS-Fuzz (Apple Security Updates).

The vulnerability is classified as a double free issue in the libxslt library that was addressed with improved memory management. The CVSS v3.1 base score for this vulnerability is 7.8 HIGH with the vector string CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H. The vulnerability is tracked under CWE-415 (Double Free) classification (NVD).

Processing a maliciously crafted file may lead to heap corruption, which could potentially result in arbitrary code execution or application crashes. The vulnerability affects multiple Apple operating systems and their components that utilize the libxslt library (Apple Security Updates).

Apple has released security updates to address this vulnerability across multiple platforms: iOS 14.5 and iPadOS 14.5, watchOS 7.4, tvOS 14.5, macOS Big Sur 11.3, Security Update 2021-002 Catalina, and Security Update 2021-003 Mojave. Users are advised to update their devices to the latest available versions to receive the security fixes (Apple Security Updates).