Qi Sun

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.4 macOS Big Sur versions prior to 11.6.6 macOS Catalina versions prior to Security Update 2022-004 **Description** An out-of-bounds read issue was addressed with improved bounds checking. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. **Recommendations** For macOS versions prior to 12.4, update to macOS Monterey 12.4 or later. For macOS Big Sur versions prior to 11.6.6, update to macOS Big Sur 11.6.6 or later. For macOS Catalina versions prior to Security Update 2022-004, apply Security Update 2022-004.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.4 macOS Big Sur versions prior to 11.6.6 macOS Catalina versions prior to Security Update 2022-004 **Description** An out-of-bounds read issue was addressed with improved input validation. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. **Recommendations** For macOS versions prior to 12.4, update to macOS Monterey 12.4 or later. For macOS Big Sur versions prior to 11.6.6, update to macOS Big Sur 11.6.6 or later. For macOS Catalina versions prior to Security Update 2022-004, apply Security Update 2022-004.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.6.5 macOS Monterey versions prior to 12.3 **Description** A memory corruption issue was addressed with improved validation. Processing a maliciously crafted file may lead to arbitrary code execution. **Recommendations** For macOS versions prior to 11.6.5, update to macOS Big Sur 11.6.5 or later. For macOS Monterey versions prior to 12.3, update to macOS Monterey 12.3 or later. For macOS Catalina, apply Security Update 2022-003 Catalina.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.6.5 macOS Monterey versions prior to 12.3 macOS Catalina versions prior to Security Update 2022-003 **Description** An out-of-bounds read issue was addressed with improved bounds checking. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. **Recommendations** For macOS versions prior to 11.6.5, update to macOS Big Sur 11.6.5. For macOS Monterey versions prior to 12.3, update to macOS Monterey 12.3. For macOS Catalina versions prior to Security Update 2022-003, apply Security Update 2022-003 Catalina.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.6.5 macOS Monterey versions prior to 12.3 macOS Catalina versions without Security Update 2022-003 **Description** An out-of-bounds read issue was addressed with improved input validation. Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory. **Recommendations** For macOS versions prior to 11.6.5, update to macOS Big Sur 11.6.5. For macOS Monterey versions prior to 12.3, update to macOS Monterey 12.3. For macOS Catalina, apply Security Update 2022-003.

Name of the Vulnerable Software and Affected Versions: Apple iOS versions prior to 14.4 Apple iPadOS versions prior to 14.4 Description: The issue allows arbitrary code execution when processing a maliciously crafted image. Recommendations: For Apple iOS versions prior to 14.4, update to iOS 14.4 or later. For Apple iPadOS versions prior to 14.4, update to iPadOS 14.4 or later.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.3 watchOS versions prior to 7.4 Description: The issue allows arbitrary code execution when processing a maliciously crafted image. Recommendations: For macOS versions prior to 11.3, update to macOS Big Sur 11.3 to resolve the issue. For watchOS versions prior to 7.4, update to watchOS 7.4 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.3 iOS versions prior to 14.5 iPadOS versions prior to 14.5 watchOS versions prior to 7.4 tvOS versions prior to 14.5 Description: Processing a maliciously crafted image may lead to arbitrary code execution. An out-of-bounds write issue was addressed with improved bounds checking. Recommendations: For macOS versions prior to 11.3, update to macOS Big Sur 11.3 or later. For iOS versions prior to 14.5, update to iOS 14.5 or later. For iPadOS versions prior to 14.5, update to iPadOS 14.5 or later. For watchOS versions prior to 7.4, update to watchOS 7.4 or later. For tvOS versions prior to 14.5, update to tvOS 14.5 or later.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.2 Security Update versions prior to 2021-001 Catalina Security Update versions prior to 2021-001 Mojave watchOS versions prior to 7.3 tvOS versions prior to 14.4 iOS versions prior to 14.4 iPadOS versions prior to 14.4 Description: An out-of-bounds read issue existed, leading to the disclosure of kernel memory. This issue was addressed with improved input validation. A malicious application may be able to disclose kernel memory. Recommendations: For macOS versions prior to 11.2, update to macOS Big Sur 11.2. For Security Update versions prior to 2021-001 Catalina, apply Security Update 2021-001 Catalina. For Security Update versions prior to 2021-001 Mojave, apply Security Update 2021-001 Mojave. For watchOS versions prior to 7.3, update to watchOS 7.3. For tvOS versions prior to 14.4, update to tvOS 14.4. For iOS versions prior to 14.4, update to iOS 14.4. For iPadOS versions prior to 14.4, update to iPadOS 14.4.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.2 Security Update versions prior to 2021-001 Catalina Security Update versions prior to 2021-001 Mojave watchOS versions prior to 7.3 tvOS versions prior to 14.4 iOS versions prior to 14.4 iPadOS versions prior to 14.4 Description: Processing a maliciously crafted image may lead to arbitrary code execution. The issue was addressed with improved checks. Recommendations: For macOS versions prior to 11.2, update to macOS Big Sur 11.2. For Security Update versions prior to 2021-001 Catalina, apply Security Update 2021-001 Catalina. For Security Update versions prior to 2021-001 Mojave, apply Security Update 2021-001 Mojave. For watchOS versions prior to 7.3, update to watchOS 7.3. For tvOS versions prior to 14.4, update to tvOS 14.4. For iOS versions prior to 14.4, update to iOS 14.4. For iPadOS versions prior to 14.4, update to iPadOS 14.4.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.2 Security Update 2021-001 Catalina Security Update 2021-001 Mojave **Description** The issue allows for arbitrary code execution when processing a maliciously crafted font. This is due to an integer underflow in the TTF parsing component of the libFontParser library. **Recommendations** For macOS versions prior to 11.2, update to macOS Big Sur 11.2 or apply Security Update 2021-001. For Catalina, apply Security Update 2021-001. For Mojave, apply Security Update 2021-001.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Big Sur 11.2 Security Update versions prior to 2021-001 Catalina Security Update versions prior to 2021-001 Mojave **Description** An out-of-bounds read issue was addressed with improved input validation. Processing a maliciously crafted font may lead to arbitrary code execution. **Recommendations** For macOS versions prior to Big Sur 11.2, update to macOS Big Sur 11.2 or later. For Security Update versions prior to 2021-001 Catalina, apply Security Update 2021-001 Catalina or later. For Security Update versions prior to 2021-001 Mojave, apply Security Update 2021-001 Mojave or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 14.0 iPadOS versions prior to 14.0 **Description** An out-of-bounds read issue was addressed with improved input validation. Processing a maliciously crafted font may result in the disclosure of process memory. **Recommendations** For iOS versions prior to 14.0, update to iOS 14.0 or later to resolve the issue. For iPadOS versions prior to 14.0, update to iPadOS 14.0 or later to resolve the issue.