Dany Lisiansky

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 14.0 iPadOS versions prior to 14.0 tvOS versions prior to 14.0 watchOS versions prior to 7.0 Xcode versions prior to 12.0 **Description** The issue allows an attacker in a privileged network position to execute arbitrary code on a paired device during a debug session over the network. This was addressed by encrypting communications over the network to devices running the specified operating systems. **Recommendations** For iOS versions prior to 14.0, update to iOS 14.0 or later to resolve the issue. For iPadOS versions prior to 14.0, update to iPadOS 14.0 or later to resolve the issue. For tvOS versions prior to 14.0, update to tvOS 14.0 or later to resolve the issue. For watchOS versions prior to 7.0, update to watchOS 7.0 or later to resolve the issue. For Xcode versions prior to 12.0, update to Xcode 12.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 macOS Mojave versions prior to 10.14.5 tvOS versions prior to 12.3 watchOS versions prior to 5.2.1 **Description** A validation issue existed in the handling of symlinks, which has been addressed with improved validation. This could allow a local user to modify protected parts of the file system. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 or later. For macOS Mojave versions prior to 10.14.5, update to macOS Mojave 10.14.5 or later. For tvOS versions prior to 12.3, update to tvOS 12.3 or later. For watchOS versions prior to 5.2.1, update to watchOS 5.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 tvOS versions prior to 12.3 watchOS versions prior to 5.2.1 **Description** A memory corruption issue was addressed with improved memory handling, allowing an application to potentially execute arbitrary code with system privileges. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 or later. For tvOS versions prior to 12.3, update to tvOS 12.3 or later. For watchOS versions prior to 5.2.1, update to watchOS 5.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 **Description** The issue concerns the lock screen displaying a locked icon after unlocking, which was addressed with improved UI handling. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 tvOS versions prior to 12.3 watchOS versions prior to 5.2.1 **Description** An input validation issue may allow a malicious application to gain root privileges. The estimated number of potentially affected devices is not specified. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 or later. For tvOS versions prior to 12.3, update to tvOS 12.3 or later. For watchOS versions prior to 5.2.1, update to watchOS 5.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 7.0.3 **Description** The issue allows physically proximate attackers to bypass the passcode requirement and dial arbitrary telephone numbers on iPhone devices. This is achieved by tapping the emergency-call button during a specific notification and camera-pane state, triggering a NULL pointer dereference. **Recommendations** For Apple iOS versions prior to 7.0.3, update to version 7.0.3 or later to resolve the issue.