Erye Hernandez

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 12.5.5 and prior to 14.4 Apple iPadOS versions prior to 14.4 Apple macOS versions prior to 11.2 Apple macOS Catalina versions prior to Security Update 2021-001 Apple macOS Mojave versions prior to Security Update 2021-001 **Description** A type confusion issue in the XNU kernel of Apple iOS and macOS allows a malicious application to execute arbitrary code with kernel privileges. This issue is reportedly being exploited in the wild, with threat actors using it to deliver malware to users in Hong Kong. The vulnerability can be exploited by running a specially crafted application, allowing an attacker to gain elevated privileges or execute arbitrary code. **Recommendations** For Apple iOS versions prior to 12.5.5 and prior to 14.4, update to iOS 12.5.5 or later, or iOS 14.4 or later. For Apple iPadOS versions prior to 14.4, update to iPadOS 14.4 or later. For Apple macOS versions prior to 11.2, update to macOS Big Sur 11.2 or later. For Apple macOS Catalina versions prior to Security Update 2021-001, apply Security Update 2021-001 or later. For Apple macOS Mojave versions prior to Security Update 2021-001, apply Security Update 2021-001 or later.