James Hutchins

**Name of the Vulnerable Software and Affected Versions** tvOS versions prior to 17 iOS versions prior to 17 and prior to 16.7 iPadOS versions prior to 17 and prior to 16.7 watchOS versions prior to 10 **Description** The issue is related to inadequate access control in the MobileStorageMounter component of the operating systems. It may allow an attacker to elevate their privileges. The problem is addressed with improved access restrictions. **Recommendations** For tvOS versions prior to 17, update to tvOS 17 to resolve the issue. For iOS versions prior to 17 and prior to 16.7, update to iOS 17 or iOS 16.7 to resolve the issue. For iPadOS versions prior to 17 and prior to 16.7, update to iPadOS 17 or iPadOS 16.7 to resolve the issue. For watchOS versions prior to 10, update to watchOS 10 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 13.6 macOS Monterey versions prior to 12.7 macOS Sonoma versions prior to 14 tvOS versions prior to 17 watchOS versions prior to 10 iOS versions prior to 17 iPadOS versions prior to 17 **Description** The issue is related to incorrect symlink validation, which may allow an app to read arbitrary files. This could potentially enable an attacker to gain unauthorized access to protected information. The issue was addressed with improved validation of symlinks. **Recommendations** For macOS versions prior to 13.6, update to macOS Ventura 13.6. For macOS Monterey versions prior to 12.7, update to macOS Monterey 12.7. For macOS Sonoma versions prior to 14, update to macOS Sonoma 14. For tvOS versions prior to 17, update to tvOS 17. For watchOS versions prior to 10, update to watchOS 10. For iOS versions prior to 17, update to iOS 17. For iPadOS versions prior to 17, update to iPadOS 17.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.3 iOS versions prior to 14.5 iPadOS versions prior to 14.5 watchOS versions prior to 7.4 tvOS versions prior to 14.5 macOS Catalina versions prior to Security Update 2021-002 macOS Mojave versions prior to Security Update 2021-003 **Description** A race condition issue was addressed with additional validation. This issue may allow a malicious application to gain root privileges. The vulnerability is related to synchronization errors when using a shared resource in the libxpc library of Mac OS, tvOS, iOS, iPadOS, and watchOS operating systems, which can be exploited to elevate privileges. **Recommendations** For macOS versions prior to 11.3, update to macOS Big Sur 11.3 or later. For iOS versions prior to 14.5, update to iOS 14.5 or later. For iPadOS versions prior to 14.5, update to iPadOS 14.5 or later. For watchOS versions prior to 7.4, update to watchOS 7.4 or later. For tvOS versions prior to 14.5, update to tvOS 14.5 or later. For macOS Catalina, apply Security Update 2021-002. For macOS Mojave, apply Security Update 2021-003.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.2 Security Update versions prior to 2021-001 Catalina Security Update versions prior to 2021-001 Mojave watchOS versions prior to 7.3 tvOS versions prior to 14.4 iOS versions prior to 14.4 iPadOS versions prior to 14.4 Description: A local attacker may be able to elevate their privileges due to multiple issues addressed with improved logic. Recommendations: For macOS versions prior to 11.2, update to macOS Big Sur 11.2. For Security Update versions prior to 2021-001 Catalina, apply Security Update 2021-001 Catalina. For Security Update versions prior to 2021-001 Mojave, apply Security Update 2021-001 Mojave. For watchOS versions prior to 7.3, update to watchOS 7.3. For tvOS versions prior to 14.4, update to tvOS 14.4. For iOS versions prior to 14.4, update to iOS 14.4. For iPadOS versions prior to 14.4, update to iPadOS 14.4.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.0.1 watchOS versions prior to 7.1 iOS versions prior to 14.2 iPadOS versions prior to 14.2 iCloud for Windows versions prior to 11.5 tvOS versions prior to 14.2 iTunes for Windows versions prior to 12.11 **Description** A logic issue was addressed with improved state management, allowing a local user to potentially read arbitrary files. The issue is related to the incorrect implementation of a sequence of actions in the Foundation framework of Mac OS, which may enable an attacker to gain unauthorized access to protected information. **Recommendations** For macOS versions prior to 11.0.1, update to macOS Big Sur 11.0.1 or later. For watchOS versions prior to 7.1, update to watchOS 7.1 or later. For iOS versions prior to 14.2, update to iOS 14.2 or later. For iPadOS versions prior to 14.2, update to iPadOS 14.2 or later. For iCloud for Windows versions prior to 11.5, update to iCloud for Windows 11.5 or later. For tvOS versions prior to 14.2, update to tvOS 14.2 or later. For iTunes for Windows versions prior to 12.11, update to iTunes 12.11 for Windows or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15.3 Security Update versions prior to 2020-001 Mojave Security Update versions prior to 2020-001 High Sierra **Description** A memory corruption issue was addressed with improved memory handling, allowing an application to potentially execute arbitrary code with system privileges. **Recommendations** For macOS versions prior to 10.15.3, update to macOS Catalina 10.15.3. For Security Update versions prior to 2020-001 Mojave, apply Security Update 2020-001 Mojave. For Security Update versions prior to 2020-001 High Sierra, apply Security Update 2020-001 High Sierra.