Simon Huang

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 15.1 Apple iPadOS versions prior to 15.1 Apple macOS versions prior to 12.0.1 Apple tvOS versions prior to 15.1 Apple watchOS versions prior to 8.1 Apple macOS Catalina versions prior to Security Update 2021-007 Apple macOS Big Sur versions prior to 11.6.1 **Description** An input validation issue was addressed with improved memory handling. Unpacking a maliciously crafted archive may lead to arbitrary code execution. **Recommendations** For iOS versions prior to 15.1, update to iOS 15.1 or later. For iPadOS versions prior to 15.1, update to iPadOS 15.1 or later. For macOS Monterey versions prior to 12.0.1, update to macOS Monterey 12.0.1 or later. For tvOS versions prior to 15.1, update to tvOS 15.1 or later. For watchOS versions prior to 8.1, update to watchOS 8.1 or later. For macOS Catalina, apply Security Update 2021-007 or later. For macOS Big Sur versions prior to 11.6.1, update to macOS Big Sur 11.6.1 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15 **Description** A memory corruption issue was addressed with improved memory handling, allowing an application to potentially execute arbitrary code with system privileges. **Recommendations** For versions prior to 10.15, update to macOS Catalina 10.15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Graphics Drivers versions prior to 10.12.5 **Description** The issue is caused by a buffer overflow in memory, allowing a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) using a specially crafted application. **Recommendations** For versions prior to 10.12.5, update to version 10.12.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.4 **Description** The issue involves the `QuickTime` component and allows remote attackers to execute arbitrary code or cause a denial of service, including memory corruption and application crash, via a crafted media file. This is due to a buffer overflow on the stack. **Recommendations** For macOS versions prior to 10.12.4, update to version 10.12.4 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the `QuickTime` component until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.1 **Description** The issue involves the `ATS` component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted font. This is caused by a buffer overflow in memory. **Recommendations** For macOS versions prior to 10.12.1, update to version 10.12.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `ATS` component until a patch is available. Avoid using crafted fonts in affected systems to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.1 macOS versions prior to 10.12.1 tvOS versions prior to 10.0.1 watchOS versions prior to 3.1.3 **Description** The issue involves the `FontParser` component and allows remote attackers to execute arbitrary code or cause a denial of service via a crafted font, resulting in a buffer overflow and application crash. **Recommendations** For iOS versions prior to 10.1, update to version 10.1 or later. For macOS versions prior to 10.12.1, update to version 10.12.1 or later. For tvOS versions prior to 10.0.1, update to version 10.0.1 or later. For watchOS versions prior to 3.1.3, update to version 3.1.3 or later.