Cc

**Name of the Vulnerable Software and Affected Versions** AR for WordPress plugin for WordPress versions up to, and including, 7.3 **Description** The issue is related to unauthorized double extension file upload due to a missing capability check on the `set ar featured image()` function. This allows unauthenticated attackers to upload php files leveraging a double extension attack. However, the file is deleted immediately, and double extension attacks only work on select servers, making successful exploitation unlikely. **Recommendations** For versions up to, and including, 7.3, consider disabling the `set ar featured image()` function until a patch is available to prevent unauthorized file uploads. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 7.0 tvOS versions prior to 14.0 Safari versions prior to 14.0 iOS versions prior to 14.0 iPadOS versions prior to 14.0 **Description** A use after free issue was addressed with improved memory management. Processing maliciously crafted web content may lead to arbitrary code execution. **Recommendations** For watchOS versions prior to 7.0, update to watchOS 7.0 to resolve the issue. For tvOS versions prior to 14.0, update to tvOS 14.0 to resolve the issue. For Safari versions prior to 14.0, update to Safari 14.0 to resolve the issue. For iOS versions prior to 14.0, update to iOS 14.0 to resolve the issue. For iPadOS versions prior to 14.0, update to iPadOS 14.0 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 7.0 iOS versions prior to 14.0 iPadOS versions prior to 14.0 iTunes for Windows versions prior to 12.10.9 iCloud for Windows versions prior to 11.5 tvOS versions prior to 14.0 Safari versions prior to 14.0 macOS Big Sur versions prior to 11.0.1 watchOS versions prior to 7.1 iOS versions prior to 14.2 iPadOS versions prior to 14.2 tvOS versions prior to 14.2 iTunes for Windows versions prior to 12.11 Safari versions prior to 14.0.1 **Description** A use after free issue was addressed with improved memory management. Processing maliciously crafted web content may lead to arbitrary code execution. The issue is related to the WebKit module's memory usage after it has been freed, which can be exploited by a remote attacker using malicious web content. **Recommendations** For watchOS versions prior to 7.0, update to watchOS 7.0 or later. For iOS versions prior to 14.0, update to iOS 14.0 or later. For iPadOS versions prior to 14.0, update to iPadOS 14.0 or later. For iTunes for Windows versions prior to 12.10.9, update to iTunes for Windows 12.10.9 or later. For iCloud for Windows versions prior to 11.5, update to iCloud for Windows 11.5 or later. For tvOS versions prior to 14.0, update to tvOS 14.0 or later. For Safari versions prior to 14.0, update to Safari 14.0 or later. For macOS Big Sur versions prior to 11.0.1, update to macOS Big Sur 11.0.1 or later. For watchOS versions prior to 7.1, update to watchOS 7.1 or later. For iOS versions prior to 14.2, update to iOS 14.2 or later. For iPadOS versions prior to 14.2, update to iPadOS 14.2 or later. For tvOS versions prior to 14.2, update to tvOS 14.2 or later. For iTunes for Windows versions prior to 12.11, update to iTunes for Windows 12.11 or later. For Safari versions prior to 14.0.1, update to Safari 14.0.1 or later.

**Name of the Vulnerable Software and Affected Versions** Apple tvOS versions prior to 13 Apple iTunes for Windows version prior to 12.10.1 Apple iCloud for Windows versions prior to 10.7 and 7.14 **Description** The issue arises from multiple memory corruption problems that have been addressed through improved memory handling. Processing maliciously crafted web content may lead to arbitrary code execution. This can be exploited by attackers to execute arbitrary code via specially crafted web content. **Recommendations** For Apple tvOS versions prior to 13, update to tvOS 13 to resolve the issue. For Apple iTunes for Windows version prior to 12.10.1, update to iTunes for Windows 12.10.1 to resolve the issue. For Apple iCloud for Windows versions prior to 10.7 and 7.14, update to iCloud for Windows 10.7 or 7.14 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 12 Apple macOS versions prior to 10.14 Apple tvOS versions prior to 12 Apple watchOS versions prior to 5 **Description** A memory corruption issue was addressed with improved memory handling. **Recommendations** For Apple iOS versions prior to 12, update to iOS 12 or later. For Apple macOS versions prior to 10.14, update to macOS 10.14 or later. For Apple tvOS versions prior to 12, update to tvOS 12 or later. For Apple watchOS versions prior to 5, update to watchOS 5 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 11.4.1 Apple tvOS versions prior to 11.4.1 Apple Safari versions prior to 11.1.2 Apple iTunes for Windows versions prior to 12.8 Apple iCloud for Windows versions prior to 7.6 **Description** The issue is related to multiple memory corruption problems that have been addressed through improved memory handling. **Recommendations** For iOS versions prior to 11.4.1, update to iOS 11.4.1 or later. For tvOS versions prior to 11.4.1, update to tvOS 11.4.1 or later. For Safari versions prior to 11.1.2, update to Safari 11.1.2 or later. For iTunes for Windows versions prior to 12.8, update to iTunes 12.8 or later. For iCloud for Windows versions prior to 7.6, update to iCloud for Windows 7.6 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.3 Safari versions prior to 10.1.2 iCloud versions prior to 6.2.2 on Windows iTunes versions prior to 12.6.2 on Windows tvOS versions prior to 10.2.2 **Description** The issue involves the WebKit component and allows remote attackers to execute arbitrary code or cause a denial of service via a crafted web site. This is due to a buffer overflow in memory, which can be exploited by a remote attacker using a specially crafted web page, potentially leading to memory corruption and application crash. **Recommendations** For iOS versions prior to 10.3.3, update to version 10.3.3 or later. For Safari versions prior to 10.1.2, update to version 10.1.2 or later. For iCloud versions prior to 6.2.2 on Windows, update to version 6.2.2 or later. For iTunes versions prior to 12.6.2 on Windows, update to version 12.6.2 or later. For tvOS versions prior to 10.2.2, update to version 10.2.2 or later.