Annual recap
Mobile security · 2021
2021 review indexed by Appaloosa Scout: 1,100 mobile CVEs published, 51 added to the CISA KEV catalog (exploited in real attacks), 2 mobile apps affected by at least one KEV.
- CVEs indexed this year: 1,100
- CISA KEV added: 51
- Tracked apps affected: 2
Severity distribution
- CRITICAL: 125
- HIGH: 905
- MEDIUM: 68
- LOW: 2
Top 10 mobile KEV of the year
Sorted by number of mobile apps affected (CVSS as tiebreaker).
| CVE | Severity | Apps | Added to KEV | Description |
|---|---|---|---|---|
| CVE-2021-44228 | CRITICAL 10.0 | 1 | 2021-12-10 | Apache Log4j2 2.0-beta9 through 2.15.0 (excluding security releases 2.12.2, 2.12.3, and 2.3.1) JNDI features used in configuration, log mes… |
| CVE-2019-17026 | HIGH 8.8 | 1 | 2021-11-03 | Incorrect alias information in IonMonkey JIT compiler for setting array elements could lead to a type confusion. We are aware of targeted a… |
| CVE-2020-6819 | HIGH 8.1 | 1 | 2021-11-03 | Under certain conditions, when running the nsDocShell destructor, a race condition can cause a use-after-free. We are aware of targeted att… |
| CVE-2020-6820 | HIGH 8.1 | 1 | 2021-11-03 | Under certain conditions, when handling a ReadableStream, a race condition can cause a use-after-free. We are aware of targeted attacks in … |
| CVE-2020-1350 | CRITICAL 10.0 | 0 | 2021-11-03 | Windows DNS Server Remote Code Execution Vulnerability |
| CVE-2020-1472 | CRITICAL 10.0 | 0 | 2021-11-03 | Netlogon Elevation of Privilege Vulnerability |
| CVE-2019-0708 | CRITICAL 9.8 | 0 | 2021-11-03 | Remote Desktop Services Remote Code Execution Vulnerability |
| CVE-2019-5544 | CRITICAL 9.8 | 0 | 2021-11-03 | Microsoft Security Update Guide entry; NVD will enrich. |
| CVE-2021-38647 | CRITICAL 9.8 | 0 | 2021-11-03 | Open Management Infrastructure Remote Code Execution Vulnerability |
| CVE-2021-26855 | CRITICAL 9.1 | 0 | 2021-11-03 | Microsoft Exchange Server Remote Code Execution Vulnerability |
Top vendors by KEV this year
1. Mozilla: 3 KEV · 1 app
2. Apple Distribution International: 1 KEV · 1 app
Methodology
KEV: added to the CISA catalog during the year (kev_added_date). CVE: NVD publication date. Apps: those indexed in Scout at query time; the history evolves as new mappings are added.