Proteas

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.15.4 Security Update 2020-002 Mojave versions prior to the update Security Update 2020-002 High Sierra versions prior to the update Description: A use after free issue was addressed with improved memory management, allowing a malicious application to potentially execute arbitrary code with kernel privileges. Recommendations: For macOS versions prior to 10.15.4, update to macOS Catalina 10.15.4 or later. For Security Update 2020-002 Mojave, apply the Security Update 2020-002. For Security Update 2020-002 High Sierra, apply the Security Update 2020-002.

Name of the Vulnerable Software and Affected Versions: macOS Big Sur versions prior to 11.2 Security Update 2021-001 Catalina Security Update 2021-001 Mojave watchOS versions prior to 7.3 tvOS versions prior to 14.4 iOS versions prior to 14.4 iPadOS versions prior to 14.4 Description: An out-of-bounds read issue was addressed with improved bounds checking, which may allow a local attacker to elevate their privileges. Recommendations: For macOS Big Sur, update to version 11.2 or later. For macOS Catalina, apply Security Update 2021-001. For macOS Mojave, apply Security Update 2021-001. For watchOS, update to version 7.3 or later. For tvOS, update to version 14.4 or later. For iOS, update to version 14.4 or later. For iPadOS, update to version 14.4 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.0.1 watchOS versions prior to 7.0 tvOS versions prior to 14.0 iOS versions prior to 14.0 iPadOS versions prior to 14.0 **Description** An out-of-bounds read issue was addressed with improved input validation, which may allow an application to execute arbitrary code with kernel privileges. **Recommendations** For macOS versions prior to 11.0.1, update to macOS Big Sur 11.0.1. For watchOS versions prior to 7.0, update to watchOS 7.0. For tvOS versions prior to 14.0, update to tvOS 14.0. For iOS versions prior to 14.0, update to iOS 14.0. For iPadOS versions prior to 14.0, update to iPadOS 14.0.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.6 iPadOS versions prior to 13.6 watchOS versions prior to 6.2.8 **Description** A memory corruption issue was addressed with improved memory handling. A malicious application may be able to execute arbitrary code with system privileges. **Recommendations** For iOS versions prior to 13.6, update to iOS 13.6 or later. For iPadOS versions prior to 13.6, update to iPadOS 13.6 or later. For watchOS versions prior to 6.2.8, update to watchOS 6.2.8 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15.4 **Description** A memory corruption issue was addressed with improved memory handling, allowing an application to potentially execute arbitrary code with system privileges. **Recommendations** For macOS versions prior to 10.15.4, update to macOS Catalina 10.15.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.4 iPadOS versions prior to 13.4 macOS Catalina versions prior to 10.15.4 tvOS versions prior to 13.4 watchOS versions prior to 6.2 **Description** The issue involves multiple memory corruption problems that have been resolved through enhanced state management. A malicious application could potentially execute arbitrary code with kernel privileges. **Recommendations** For iOS versions prior to 13.4, update to iOS 13.4 or later. For iPadOS versions prior to 13.4, update to iPadOS 13.4 or later. For macOS Catalina versions prior to 10.15.4, update to macOS Catalina 10.15.4 or later. For tvOS versions prior to 13.4, update to tvOS 13.4 or later. For watchOS versions prior to 6.2, update to watchOS 6.2 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15.4 **Description** The issue involves multiple memory corruption problems that have been resolved through enhanced state management. A malicious application could potentially execute arbitrary code with kernel privileges. **Recommendations** For versions prior to 10.15.4, update to macOS Catalina 10.15.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.3.1 iPadOS versions prior to 13.3.1 watchOS versions prior to 6.1.2 **Description** A memory corruption issue was addressed with improved input validation, allowing an application to potentially execute arbitrary code with kernel privileges. **Recommendations** For iOS versions prior to 13.3.1, update to iOS 13.3.1 or later to resolve the issue. For iPadOS versions prior to 13.3.1, update to iPadOS 13.3.1 or later to resolve the issue. For watchOS versions prior to 6.1.2, update to watchOS 6.1.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.3.1 iPadOS versions prior to 13.3.1 **Description** A race condition was addressed with improved locking, which may allow an application to execute arbitrary code with kernel privileges. **Recommendations** For iOS versions prior to 13.3.1, update to iOS 13.3.1 or later. For iPadOS versions prior to 13.3.1, update to iPadOS 13.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4.1 tvOS versions prior to 11.4.1 watchOS versions prior to 4.3.2 **Description** An out-of-bounds read issue existed, leading to the disclosure of kernel memory. This issue was addressed with improved input validation. **Recommendations** For iOS versions prior to 11.4.1, update to iOS 11.4.1 or later. For tvOS versions prior to 11.4.1, update to tvOS 11.4.1 or later. For watchOS versions prior to 4.3.2, update to watchOS 4.3.2 or later.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.14.1 Description: A memory corruption issue was addressed with improved memory handling. Recommendations: For versions prior to 10.14.1, update to macOS Mojave 10.14.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.1.3 macOS Mojave versions prior to 10.14.3 tvOS versions prior to 12.1.2 watchOS versions prior to 5.1.3 **Description** A memory initialization issue was addressed with improved memory handling. A malicious application may be able to break out of its sandbox. **Recommendations** For iOS versions prior to 12.1.3, update to iOS 12.1.3 or later. For macOS Mojave versions prior to 10.14.3, update to macOS Mojave 10.14.3 or later. For tvOS versions prior to 12.1.2, update to tvOS 12.1.2 or later. For watchOS versions prior to 5.1.3, update to watchOS 5.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 12.1.3 Apple tvOS versions prior to 12.1.2 Apple watchOS versions prior to 5.1.3 Apple Safari versions prior to 12.0.3 Apple iTunes for Windows versions prior to 12.9.3 Apple iCloud for Windows versions prior to 7.10 **Description** The issue is related to memory corruption and can be triggered by processing maliciously crafted web content, potentially leading to arbitrary code execution. It is caused by a buffer overflow in the WebKit display module. A remote attacker can exploit this issue using a specially crafted web page, allowing for remote code execution. **Recommendations** For iOS versions prior to 12.1.3, update to iOS 12.1.3 or later. For tvOS versions prior to 12.1.2, update to tvOS 12.1.2 or later. For watchOS versions prior to 5.1.3, update to watchOS 5.1.3 or later. For Safari versions prior to 12.0.3, update to Safari 12.0.3 or later. For iTunes for Windows versions prior to 12.9.3, update to iTunes 12.9.3 or later. For iCloud for Windows versions prior to 7.10, update to iCloud for Windows 7.10 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4 macOS versions prior to 10.13.5 tvOS versions prior to 11.4 watchOS versions prior to 4.3.1 **Description** The issue involves the `FontParser` component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted font file. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For macOS versions prior to 10.13.5, update to version 10.13.5 or later. For tvOS versions prior to 11.4, update to version 11.4 or later. For watchOS versions prior to 4.3.1, update to version 4.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.5 **Description** The issue involves the `IOHIDFamily` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. It is caused by a buffer overflow in memory. Exploitation of the issue may allow an attacker to execute arbitrary code with kernel privileges or cause a denial of service using a specially crafted application. **Recommendations** For macOS versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `IOHIDFamily` component to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.3 macOS versions prior to 10.12.6 tvOS versions prior to 10.2.2 watchOS versions prior to 3.2.3 **Description** The issue involves the Kernel component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service via a crafted app, resulting in memory corruption. **Recommendations** For iOS versions prior to 10.3.3, update to version 10.3.3 or later. For macOS versions prior to 10.12.6, update to version 10.12.6 or later. For tvOS versions prior to 10.2.2, update to version 10.2.2 or later. For watchOS versions prior to 3.2.3, update to version 3.2.3 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 10 Apple OS X versions prior to 10.12 Apple tvOS versions prior to 10 Apple watchOS versions prior to 3 **Description** The issue allows attackers to execute arbitrary code in a privileged context or cause a denial of service due to memory corruption via a crafted app. **Recommendations** For Apple iOS versions prior to 10, update to version 10 or later. For Apple OS X versions prior to 10.12, update to version 10.12 or later. For Apple tvOS versions prior to 10, update to version 10 or later. For Apple watchOS versions prior to 3, update to version 3 or later.

**Name of the Vulnerable Software and Affected Versions** libarchive in Apple OS X versions prior to 10.12 **Description** The issue is caused by a buffer overflow in the libarchive component, allowing remote attackers to cause a denial of service (memory corruption) or possibly have other unspecified impacts via a crafted file. **Recommendations** For libarchive in Apple OS X versions prior to 10.12, update to version 10.12 or later to resolve the issue.

The kernel in Apple iOS before 9.3.3, OS X before 10.11.6, tvOS before 9.2.2, and watchOS before 2.2.2 allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2016-1863 and CVE-2016-4653.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.4 **Description** The issue is caused by a buffer overflow in the AppleRAID component, allowing attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This can be exploited by a remote attacker using a specially crafted application. **Recommendations** For Apple OS X versions prior to 10.11.4, update to version 10.11.4 or later to resolve the issue. As a temporary workaround, consider restricting the use of the AppleRAID component until a patch is available.