Jundong Xie

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 14.8 iPadOS versions prior to 14.8 tvOS versions prior to 15 watchOS versions prior to 8 Mac OS (affected versions not specified) **Description** A logic issue was addressed with improved state management. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution. The issue is related to insufficient input validation, which may allow an attacker to execute arbitrary code using a specially crafted file. **Recommendations** For iOS versions prior to 14.8, update to iOS 14.8 or later. For iPadOS versions prior to 14.8, update to iPadOS 14.8 or later. For tvOS versions prior to 15, update to tvOS 15 or later. For watchOS versions prior to 8, update to watchOS 8 or later. For Mac OS, apply Security Update 2021-007 Catalina. As a temporary workaround, consider avoiding the use of malicious audio files until a patch is available.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.6.2 macOS Catalina (affected versions not specified) **Description** A buffer overflow issue was addressed with improved memory handling. Parsing a maliciously crafted audio file may lead to disclosure of user information. **Recommendations** For macOS Catalina, apply Security Update 2021-008. For macOS Big Sur, update to version 11.6.2.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.6.2 tvOS versions prior to 15.2 macOS Monterey versions prior to 12.1 macOS Catalina versions prior to Security Update 2021-008 iOS versions prior to 15.2 iPadOS versions prior to 15.2 watchOS versions prior to 8.3 **Description** An out-of-bounds read issue was addressed with improved input validation. Playing a malicious audio file may lead to arbitrary code execution. **Recommendations** For macOS versions prior to 11.6.2, update to macOS Big Sur 11.6.2 or later. For tvOS versions prior to 15.2, update to tvOS 15.2 or later. For macOS Monterey versions prior to 12.1, update to macOS Monterey 12.1 or later. For macOS Catalina versions prior to Security Update 2021-008, apply Security Update 2021-008 or later. For iOS versions prior to 15.2, update to iOS 15.2 or later. For iPadOS versions prior to 15.2, update to iPadOS 15.2 or later. For watchOS versions prior to 8.3, update to watchOS 8.3 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.1 watchOS versions prior to 8.3 iOS versions prior to 15.2 iPadOS versions prior to 15.2 tvOS versions prior to 15.2 **Description** A buffer overflow issue was addressed with improved memory handling. Processing a maliciously crafted audio file may lead to arbitrary code execution. **Recommendations** For macOS versions prior to 12.1, update to macOS Monterey 12.1 or later. For watchOS versions prior to 8.3, update to watchOS 8.3 or later. For iOS versions prior to 15.2, update to iOS 15.2 or later. For iPadOS versions prior to 15.2, update to iPadOS 15.2 or later. For tvOS versions prior to 15.2, update to tvOS 15.2 or later.

**Name of the Vulnerable Software and Affected Versions** Apple tvOS versions prior to 15.2 Apple macOS Big Sur versions prior to 11.6.2 **Description** A memory initialization issue was addressed with improved memory handling. Parsing a maliciously crafted audio file may lead to disclosure of user information. **Recommendations** For Apple tvOS versions prior to 15.2, update to tvOS 15.2 to resolve the issue. For Apple macOS Big Sur versions prior to 11.6.2, update to macOS Big Sur 11.6.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.6.2 macOS Catalina (affected versions not specified) **Description** A buffer overflow issue was addressed with improved memory handling. Parsing a maliciously crafted audio file may lead to disclosure of user information. **Recommendations** For macOS Catalina, apply Security Update 2021-008. For macOS Big Sur, update to version 11.6.2.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.1 watchOS versions prior to 8.3 iOS versions prior to 15.2 iPadOS versions prior to 15.2 tvOS versions prior to 15.2 **Description** A buffer overflow issue was addressed with improved memory handling. Parsing a maliciously crafted audio file may lead to disclosure of user information. **Recommendations** For macOS versions prior to 12.1, update to macOS Monterey 12.1 or later. For watchOS versions prior to 8.3, update to watchOS 8.3 or later. For iOS versions prior to 15.2, update to iOS 15.2 or later. For iPadOS versions prior to 15.2, update to iPadOS 15.2 or later. For tvOS versions prior to 15.2, update to tvOS 15.2 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.6.2 macOS Catalina (affected versions not specified) **Description** A buffer overflow issue was addressed with improved memory handling. Parsing a maliciously crafted audio file may lead to disclosure of user information. **Recommendations** For macOS versions prior to 11.6.2, update to macOS Big Sur 11.6.2 or apply Security Update 2021-008 Catalina to resolve the issue. For macOS Catalina, apply Security Update 2021-008 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 14.7 macOS Big Sur versions prior to 11.5 watchOS versions prior to 7.6 tvOS versions prior to 14.7 Security Update versions prior to 2021-004 Catalina **Description** A logic issue was addressed with improved validation. Playing a malicious audio file may lead to an unexpected application termination. **Recommendations** For iOS versions prior to 14.7, update to iOS 14.7 or later. For macOS Big Sur versions prior to 11.5, update to macOS Big Sur 11.5 or later. For watchOS versions prior to 7.6, update to watchOS 7.6 or later. For tvOS versions prior to 14.7, update to tvOS 14.7 or later. For Security Update versions prior to 2021-004 Catalina, apply Security Update 2021-004 Catalina or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 14.7 Apple macOS versions prior to Big Sur 11.5 Apple watchOS versions prior to 7.6 Apple tvOS versions prior to 14.7 Security Update versions prior to 2021-004 Catalina **Description** A memory corruption issue was addressed with improved state management. Processing a maliciously crafted audio file may lead to arbitrary code execution. **Recommendations** For iOS versions prior to 14.7, update to iOS 14.7 or later. For macOS versions prior to Big Sur 11.5, update to macOS Big Sur 11.5 or later. For watchOS versions prior to 7.6, update to watchOS 7.6 or later. For tvOS versions prior to 14.7, update to tvOS 14.7 or later. For Security Update versions prior to 2021-004 Catalina, apply Security Update 2021-004 Catalina or later.

Name of the Vulnerable Software and Affected Versions: macOS Catalina versions prior to Security Update 2021-002 macOS Mojave versions prior to Security Update 2021-003 iOS versions prior to 14.5 iPadOS versions prior to 14.5 watchOS versions prior to 7.4 tvOS versions prior to 14.5 macOS Big Sur versions prior to 11.3 Description: A memory corruption issue was addressed with improved validation. This issue allows a malicious application to potentially read restricted memory. Recommendations: For macOS Catalina, apply Security Update 2021-002. For macOS Mojave, apply Security Update 2021-003. For iOS, update to version 14.5 or later. For iPadOS, update to version 14.5 or later. For watchOS, update to version 7.4 or later. For tvOS, update to version 14.5 or later. For macOS Big Sur, update to version 11.3 or later.

**Name of the Vulnerable Software and Affected Versions** macOS Big Sur versions prior to 11.3 iOS versions prior to 14.5 iPadOS versions prior to 14.5 watchOS versions prior to 7.4 tvOS versions prior to 14.5 **Description** An out-of-bounds write issue was addressed with improved bounds checking. Processing a maliciously crafted file may lead to arbitrary code execution. **Recommendations** For macOS Big Sur versions prior to 11.3, update to macOS Big Sur 11.3. For iOS versions prior to 14.5, update to iOS 14.5. For iPadOS versions prior to 14.5, update to iPadOS 14.5. For watchOS versions prior to 7.4, update to watchOS 7.4. For tvOS versions prior to 14.5, update to tvOS 14.5.

Name of the Vulnerable Software and Affected Versions: Apple macOS versions prior to 11.3 Apple iOS versions prior to 14.5 Apple iPadOS versions prior to 14.5 Apple watchOS versions prior to 7.4 Apple tvOS versions prior to 14.5 Description: Processing a maliciously crafted audio file may disclose restricted memory due to an out-of-bounds read issue. This was addressed with improved input validation. Recommendations: For macOS versions prior to 11.3, apply Security Update 2021-002 Catalina or update to macOS Big Sur 11.3. For iOS versions prior to 14.5, update to iOS 14.5. For iPadOS versions prior to 14.5, update to iPadOS 14.5. For watchOS versions prior to 7.4, update to watchOS 7.4. For tvOS versions prior to 14.5, update to tvOS 14.5.

Name of the Vulnerable Software and Affected Versions: macOS Catalina versions prior to Security Update 2021-002 macOS Mojave versions prior to Security Update 2021-003 iOS versions prior to 14.5 iPadOS versions prior to 14.5 watchOS versions prior to 7.4 tvOS versions prior to 14.5 macOS Big Sur versions prior to 11.3 Description: A memory corruption issue was addressed with improved validation, which may allow an application to read restricted memory. Recommendations: For macOS Catalina, apply Security Update 2021-002. For macOS Mojave, apply Security Update 2021-003. For iOS, update to version 14.5 or later. For iPadOS, update to version 14.5 or later. For watchOS, update to version 7.4 or later. For tvOS, update to version 14.5 or later. For macOS Big Sur, update to version 11.3 or later.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.2 Security Update versions prior to 2021-001 Catalina Security Update versions prior to 2021-001 Mojave watchOS versions prior to 7.3 tvOS versions prior to 14.4 iOS versions prior to 14.4 iPadOS versions prior to 14.4 Description: An out-of-bounds write issue was addressed with improved input validation. Processing maliciously crafted web content may lead to code execution. Recommendations: For macOS versions prior to 11.2, update to macOS Big Sur 11.2. For Security Update versions prior to 2021-001 Catalina, apply Security Update 2021-001 Catalina. For Security Update versions prior to 2021-001 Mojave, apply Security Update 2021-001 Mojave. For watchOS versions prior to 7.3, update to watchOS 7.3. For tvOS versions prior to 14.4, update to tvOS 14.4. For iOS versions prior to 14.4, update to iOS 14.4. For iPadOS versions prior to 14.4, update to iPadOS 14.4.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 7.2 macOS Big Sur versions prior to 11.1 macOS Catalina versions prior to Security Update 2020-001 macOS Mojave versions prior to Security Update 2020-007 iOS versions prior to 14.3 iPadOS versions prior to 14.3 tvOS versions prior to 14.3 **Description** A memory corruption issue existed in the processing of font files. This issue was addressed with improved input validation. Processing a maliciously crafted font file may lead to arbitrary code execution. **Recommendations** For watchOS versions prior to 7.2, update to watchOS 7.2 or later. For macOS Big Sur versions prior to 11.1, update to macOS Big Sur 11.1 or later. For macOS Catalina versions prior to Security Update 2020-001, apply Security Update 2020-001 or later. For macOS Mojave versions prior to Security Update 2020-007, apply Security Update 2020-007 or later. For iOS versions prior to 14.3, update to iOS 14.3 or later. For iPadOS versions prior to 14.3, update to iPadOS 14.3 or later. For tvOS versions prior to 14.3, update to tvOS 14.3 or later.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 7.2 macOS Big Sur versions prior to 11.1 macOS Catalina versions prior to Security Update 2020-001 macOS Mojave versions prior to Security Update 2020-007 iOS versions prior to 14.3 iPadOS versions prior to 14.3 tvOS versions prior to 14.3 **Description** An out-of-bounds write issue was addressed with improved bounds checking. Processing a maliciously crafted audio file may lead to arbitrary code execution. **Recommendations** For watchOS versions prior to 7.2, update to watchOS 7.2 or later. For macOS Big Sur versions prior to 11.1, update to macOS Big Sur 11.1 or later. For macOS Catalina versions prior to Security Update 2020-001, apply Security Update 2020-001 or later. For macOS Mojave versions prior to Security Update 2020-007, apply Security Update 2020-007 or later. For iOS versions prior to 14.3, update to iOS 14.3 or later. For iPadOS versions prior to 14.3, update to iPadOS 14.3 or later. For tvOS versions prior to 14.3, update to tvOS 14.3 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 14.2 iPadOS versions prior to 14.2 **Description** An issue existed in the handling of incoming calls, allowing a user to answer two calls simultaneously without indication they have answered a second call. The issue was addressed with additional state checks. **Recommendations** For iOS versions prior to 14.2, update to iOS 14.2 or later to resolve the issue. For iPadOS versions prior to 14.2, update to iPadOS 14.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 7.0 tvOS versions prior to 14.0 macOS Catalina versions prior to 10.15.7 macOS High Sierra versions prior to Security Update 2020-005 macOS Mojave versions prior to Security Update 2020-005 iOS versions prior to 14.0 iPadOS versions prior to 14.0 **Description** A buffer overflow issue was addressed with improved memory handling. Playing a malicious audio file may lead to arbitrary code execution. **Recommendations** For watchOS versions prior to 7.0, update to watchOS 7.0 or later. For tvOS versions prior to 14.0, update to tvOS 14.0 or later. For macOS Catalina versions prior to 10.15.7, update to macOS Catalina 10.15.7 or later. For macOS High Sierra versions prior to Security Update 2020-005, apply Security Update 2020-005 or later. For macOS Mojave versions prior to Security Update 2020-005, apply Security Update 2020-005 or later. For iOS versions prior to 14.0, update to iOS 14.0 or later. For iPadOS versions prior to 14.0, update to iPadOS 14.0 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.0.1 watchOS versions prior to 7.0 tvOS versions prior to 14.0 iOS versions prior to 14.0 iPadOS versions prior to 14.0 **Description** An out-of-bounds read issue was addressed with improved bounds checking, which may allow an application to read restricted memory. **Recommendations** For macOS versions prior to 11.0.1, update to macOS Big Sur 11.0.1. For watchOS versions prior to 7.0, update to watchOS 7.0. For tvOS versions prior to 14.0, update to tvOS 14.0. For iOS versions prior to 14.0, update to iOS 14.0. For iPadOS versions prior to 14.0, update to iPadOS 14.0.