Peter Nguyen Vu Hoang

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 14.8 iPadOS versions prior to 14.8 tvOS versions prior to 15 watchOS versions prior to 8 iOS versions prior to 15 iPadOS versions prior to 15 WebKitGTK (affected versions not specified) WPE WebKit (affected versions not specified) **Description** The issue is related to an out-of-bounds read in memory, which can be exploited by processing a maliciously crafted audio file, potentially disclosing restricted memory. This can allow an attacker to gain unauthorized access to protected information. **Recommendations** For iOS versions prior to 14.8, update to iOS 14.8 or later. For iPadOS versions prior to 14.8, update to iPadOS 14.8 or later. For tvOS versions prior to 15, update to tvOS 15 or later. For watchOS versions prior to 8, update to watchOS 8 or later. For iOS versions prior to 15, update to iOS 15 or later. For iPadOS versions prior to 15, update to iPadOS 15 or later. At the moment, there is no information about a newer version that contains a fix for this vulnerability for WebKitGTK and WPE WebKit.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Big Sur 11.6 macOS Catalina versions prior to Security Update 2021-005 **Description** A logic issue was addressed with improved state management, allowing a remote attacker to potentially leak memory. **Recommendations** For macOS Catalina, apply Security Update 2021-005 to resolve the issue. For macOS Big Sur, update to version 11.6 or later to resolve the issue. As a temporary workaround, consider restricting access to sensitive data until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** macOS Big Sur versions prior to 11.6 **Description** An out-of-bounds read issue was addressed with improved bounds checking, which may allow a local user to read kernel memory. **Recommendations** For macOS Big Sur versions prior to 11.6, update to macOS Big Sur 11.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.0.1 macOS Big Sur versions prior to 11.6.1 **Description** A race condition was addressed with improved locking, which could allow a malicious application to execute arbitrary code with kernel privileges. **Recommendations** For macOS versions prior to 12.0.1, update to macOS Monterey 12.0.1. For macOS Big Sur versions prior to 11.6.1, update to macOS Big Sur 11.6.1.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 13.5 iPadOS versions prior to 13.5 macOS Catalina versions prior to 10.15.5 tvOS versions prior to 13.4.5 watchOS versions prior to 6.2.5 Description: The issue is related to an out-of-bounds write problem, which can be triggered by opening a maliciously crafted PDF file. This may lead to unexpected application termination or arbitrary code execution. The vulnerability is associated with the libFontParser library in the operating systems. Recommendations: For iOS versions prior to 13.5, update to iOS 13.5 or later. For iPadOS versions prior to 13.5, update to iPadOS 13.5 or later. For macOS Catalina versions prior to 10.15.5, update to macOS Catalina 10.15.5 or later. For tvOS versions prior to 13.4.5, update to tvOS 13.4.5 or later. For watchOS versions prior to 6.2.5, update to watchOS 6.2.5 or later.

**Name of the Vulnerable Software and Affected Versions** Foxit Reader version 9.7.1.29511 **Description** This issue allows remote attackers to execute arbitrary code on affected installations. User interaction is required, where the target must visit a malicious page or open a malicious file. The flaw exists within the handling of widgets in XFA forms due to the lack of validating the existence of an object prior to performing operations on it. An attacker can leverage this to execute code in the context of the current process. **Recommendations** For Foxit Reader version 9.7.1.29511, consider disabling the handling of widgets in XFA forms as a temporary workaround until a patch is available. Restrict access to malicious pages or files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.