Andy Grant

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.1 watchOS versions prior to 8.3 iOS versions prior to 15.2 iPadOS versions prior to 15.2 **Description** A malicious application may be able to bypass Privacy preferences due to an inherited permissions issue. This issue was addressed with additional restrictions. **Recommendations** For macOS versions prior to 12.1, update to macOS Monterey 12.1 or later. For watchOS versions prior to 8.3, update to watchOS 8.3 or later. For iOS versions prior to 15.2, update to iOS 15.2 or later. For iPadOS versions prior to 15.2, update to iPadOS 15.2 or later.

**Name of the Vulnerable Software and Affected Versions** macOS Big Sur versions prior to 11.3 **Description** A malicious unsandboxed app on a system with Remote Login enabled may bypass Privacy preferences. This issue was addressed by adding a new Remote Login option for opting into Full Disk Access for Secure Shell sessions. **Recommendations** For versions prior to 11.3, update to macOS Big Sur 11.3 to resolve the issue. As a temporary workaround, consider disabling Remote Login until the update is applied.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15.5 **Description** The issue allows for the exfiltration of user information when a maliciously crafted calendar invitation is imported. This can occur through one-click file disclosure via malicious calendar events. **Recommendations** For versions prior to 10.15.5, update to macOS Catalina 10.15.5 to resolve the issue. As a temporary workaround, consider avoiding the import of calendar invitations from untrusted sources until the update is applied.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15.5 **Description** A permissions issue existed, allowing a malicious application to potentially gain root privileges due to errors in standard permission usage. This issue was addressed with improved permission validation. **Recommendations** For versions prior to 10.15.5, update to macOS Catalina 10.15.5 to resolve the issue. As a temporary workaround, consider restricting the execution of malicious applications to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.4.1 **Description** The issue is related to the Certificate UI component in iOS, which has security setting errors. This allows a physically proximate attacker to establish arbitrary certificate trust relationships by completing a dialog on the lock screen, potentially due to errors in displaying data on the screen. **Recommendations** For versions prior to 8.4.1, update to version 8.4.1 or later to resolve the issue.