Xingwei Lin

**Name of the Vulnerable Software and Affected Versions** iPadOS versions prior to 17.7.4 macOS Ventura versions prior to 13.7.3 macOS Sonoma versions prior to 14.7.3 visionOS versions prior to 2.3 iOS versions prior to 18.3 iPadOS versions prior to 18.3 macOS Sequoia versions prior to 15.3 tvOS versions prior to 18.3 **Description** The issue is related to incorrect clearing or release of resources, which may lead to an unexpected app termination when parsing a file. Exploitation of this issue may allow an attacker to cause a denial of service. **Recommendations** For iPadOS versions prior to 17.7.4, update to iPadOS 17.7.4 or later. For macOS Ventura versions prior to 13.7.3, update to macOS Ventura 13.7.3 or later. For macOS Sonoma versions prior to 14.7.3, update to macOS Sonoma 14.7.3 or later. For visionOS versions prior to 2.3, update to visionOS 2.3 or later. For iOS versions prior to 18.3, update to iOS 18.3 or later. For iPadOS versions prior to 18.3, update to iPadOS 18.3 or later. For macOS Sequoia versions prior to 15.3, update to macOS Sequoia 15.3 or later. For tvOS versions prior to 18.3, update to tvOS 18.3 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 15.7.1 Apple iOS version 16.1 and earlier Apple iPadOS versions prior to 15.7.1 Apple iPadOS version 16.1 and earlier **Description** The issue is related to an out-of-bounds write vulnerability that may allow an attacker to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited. The estimated number of potentially affected devices is not specified. **Recommendations** For Apple iOS versions prior to 15.7.1, update to iOS 15.7.1 or later. For Apple iOS version 16.1 and earlier, update to iOS 16.1 or later. For Apple iPadOS versions prior to 15.7.1, update to iPadOS 15.7.1 or later. For Apple iPadOS version 16.1 and earlier, update to iPadOS 16.1 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 15.7.1 iPadOS versions prior to 15.7.1 tvOS versions prior to 16.1 iOS versions prior to 16.1 iPadOS versions prior to 16 macOS Ventura versions prior to 13 **Description** The issue was addressed with improved memory handling. Processing a maliciously crafted USD file may disclose memory contents. **Recommendations** For iOS versions prior to 15.7.1, update to iOS 15.7.1 or later. For iPadOS versions prior to 15.7.1, update to iPadOS 15.7.1 or later. For tvOS versions prior to 16.1, update to tvOS 16.1 or later. For iOS versions prior to 16.1, update to iOS 16.1 or later. For iPadOS versions prior to 16, update to iPadOS 16 or later. For macOS Ventura versions prior to 13, update to macOS Ventura 13 or later.

**Name of the Vulnerable Software and Affected Versions** iCloud for Windows versions prior to 11.4 iCloud for Windows versions prior to 7.21 iOS versions prior to 14.0 iPadOS versions prior to 14.0 watchOS versions prior to 7.0 tvOS versions prior to 14.0 iTunes for Windows versions prior to 12.10.9 **Description** The issue is related to an out-of-bounds read in the ImageIO component, which can be exploited by processing a maliciously crafted tiff file. This may lead to a denial-of-service or potentially disclose memory contents, allowing an attacker to gain unauthorized access to protected information. **Recommendations** For iCloud for Windows versions prior to 11.4, update to version 11.4 or later. For iCloud for Windows versions prior to 7.21, update to version 7.21 or later. For iOS versions prior to 14.0, update to version 14.0 or later. For iPadOS versions prior to 14.0, update to version 14.0 or later. For watchOS versions prior to 7.0, update to version 7.0 or later. For tvOS versions prior to 14.0, update to version 14.0 or later. For iTunes for Windows versions prior to 12.10.9, update to version 12.10.9 or later. As a temporary workaround, consider avoiding the use of maliciously crafted tiff files until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** iPadOS versions prior to 15 iOS versions prior to 15 tvOS versions prior to 15 watchOS versions prior to 8 **Description** The issue is related to an out-of-bounds read in the FontParser component, which can result in the disclosure of process memory when processing a maliciously crafted font. This can allow a remote attacker to reveal protected information. **Recommendations** For iPadOS versions prior to 15, update to iPadOS 15 or later to resolve the issue. For iOS versions prior to 15, update to iOS 15 or later to resolve the issue. For tvOS versions prior to 15, update to tvOS 15 or later to resolve the issue. For watchOS versions prior to 8, update to watchOS 8 or later to resolve the issue. As a temporary workaround, consider restricting the use of potentially malicious fonts until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 15 Apple iPadOS versions prior to 15 Apple tvOS versions prior to 15 Apple watchOS versions prior to 8 **Description** The issue is related to the FontParser component in Apple operating systems, which is vulnerable to a buffer overflow in memory. This can be exploited by processing a maliciously crafted dfont file, potentially leading to arbitrary code execution. **Recommendations** For Apple iOS versions prior to 15, update to iOS 15 or later to resolve the issue. For Apple iPadOS versions prior to 15, update to iPadOS 15 or later to resolve the issue. For Apple tvOS versions prior to 15, update to tvOS 15 or later to resolve the issue. For Apple watchOS versions prior to 8, update to watchOS 8 or later to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted dfont files until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 14.8 iPadOS versions prior to 14.8 macOS Big Sur versions prior to 11.6 macOS Catalina versions prior to Security Update 2021-005 tvOS versions prior to 15 iOS versions prior to 15 iPadOS versions prior to 15 watchOS versions prior to 8 **Description** Processing a maliciously crafted dfont file may lead to arbitrary code execution. This issue was addressed with improved checks. **Recommendations** For iOS versions prior to 14.8, update to iOS 14.8 or later. For iPadOS versions prior to 14.8, update to iPadOS 14.8 or later. For macOS Big Sur versions prior to 11.6, update to macOS Big Sur 11.6 or later. For macOS Catalina versions prior to Security Update 2021-005, apply Security Update 2021-005 or later. For tvOS versions prior to 15, update to tvOS 15 or later. For iOS versions prior to 15, update to iOS 15 or later. For iPadOS versions prior to 15, update to iPadOS 15 or later. For watchOS versions prior to 8, update to watchOS 8 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 14.8 iPadOS versions prior to 14.8 macOS Big Sur versions prior to 11.6 macOS Catalina versions prior to Security Update 2021-005 tvOS versions prior to 15 watchOS versions prior to 8 **Description** This issue was addressed with improved checks. Processing a maliciously crafted dfont file may lead to arbitrary code execution. **Recommendations** For iOS versions prior to 14.8, update to iOS 14.8 or later. For iPadOS versions prior to 14.8, update to iPadOS 14.8 or later. For macOS Big Sur versions prior to 11.6, update to macOS Big Sur 11.6 or later. For macOS Catalina versions prior to Security Update 2021-005, apply Security Update 2021-005 or later. For tvOS versions prior to 15, update to tvOS 15 or later. For watchOS versions prior to 8, update to watchOS 8 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 14.8 Apple iPadOS versions prior to 14.8 Apple macOS Big Sur versions prior to 11.6 Apple macOS Catalina versions prior to Security Update 2021-005 Apple tvOS versions prior to 15 Apple watchOS versions prior to 8 **Description** The issue was addressed with improved checks. Processing a maliciously crafted dfont file may lead to arbitrary code execution. **Recommendations** For Apple iOS versions prior to 14.8, update to iOS 14.8 or later. For Apple iPadOS versions prior to 14.8, update to iPadOS 14.8 or later. For Apple macOS Big Sur versions prior to 11.6, update to macOS Big Sur 11.6 or later. For Apple macOS Catalina versions prior to Security Update 2021-005, apply Security Update 2021-005 or later. For Apple tvOS versions prior to 15, update to tvOS 15 or later. For Apple watchOS versions prior to 8, update to watchOS 8 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.1 iOS versions prior to 15.2 iPadOS versions prior to 15.2 macOS Big Sur versions prior to 11.6.2 macOS Catalina versions prior to Security Update 2021-008 **Description** An out-of-bounds write issue was addressed with improved bounds checking. Processing a maliciously crafted USD file may disclose memory contents. **Recommendations** For macOS versions prior to 12.1, update to macOS Monterey 12.1 or later. For iOS versions prior to 15.2, update to iOS 15.2 or later. For iPadOS versions prior to 15.2, update to iPadOS 15.2 or later. For macOS Big Sur versions prior to 11.6.2, update to macOS Big Sur 11.6.2 or later. For macOS Catalina versions prior to Security Update 2021-008, apply Security Update 2021-008 or later.

**Name of the Vulnerable Software and Affected Versions** macOS Big Sur versions prior to 11.6.1 macOS Monterey versions prior to 12.0.1 iOS versions prior to 15.1 iPadOS versions prior to 15.1 macOS Catalina versions without Security Update 2021-007 **Description** An out-of-bounds read issue was addressed with improved bounds checking. Processing a maliciously crafted USD file may disclose memory contents. **Recommendations** For macOS Big Sur versions prior to 11.6.1, update to version 11.6.1 or later. For macOS Monterey versions prior to 12.0.1, update to version 12.0.1 or later. For iOS versions prior to 15.1, update to version 15.1 or later. For iPadOS versions prior to 15.1, update to version 15.1 or later. For macOS Catalina, apply Security Update 2021-007.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.1 iOS versions prior to 15.2 iPadOS versions prior to 15.2 macOS Big Sur versions prior to 11.6.2 macOS Catalina versions prior to Security Update 2021-008 **Description** A buffer overflow issue was addressed with improved memory handling. Processing a maliciously crafted USD file may disclose memory contents. **Recommendations** For macOS versions prior to 12.1, update to macOS Monterey 12.1 or later. For iOS versions prior to 15.2, update to iOS 15.2 or later. For iPadOS versions prior to 15.2, update to iPadOS 15.2 or later. For macOS Big Sur versions prior to 11.6.2, update to macOS Big Sur 11.6.2 or later. For macOS Catalina versions prior to Security Update 2021-008, apply Security Update 2021-008 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.1 iOS versions prior to 15.2 iPadOS versions prior to 15.2 macOS Big Sur versions prior to 11.6.2 macOS Catalina versions prior to Security Update 2021-008 **Description** A buffer overflow issue was addressed with improved memory handling. Processing a maliciously crafted USD file may disclose memory contents. **Recommendations** For macOS versions prior to 12.1, update to macOS Monterey 12.1 or later. For iOS versions prior to 15.2, update to iOS 15.2 or later. For iPadOS versions prior to 15.2, update to iPadOS 15.2 or later. For macOS Big Sur versions prior to 11.6.2, update to macOS Big Sur 11.6.2 or later. For macOS Catalina versions prior to Security Update 2021-008, apply Security Update 2021-008 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.4 tvOS versions prior to 14.6 watchOS versions prior to 7.5 iOS versions prior to 14.6 iPadOS versions prior to 14.6 **Description** The issue is related to the processing of maliciously crafted fonts, which may result in the disclosure of process memory due to an out-of-bounds read. This can potentially allow an attacker to access protected information. The problem was addressed with improved input validation. **Recommendations** For macOS versions prior to 11.4, update to macOS Big Sur 11.4 or later. For tvOS versions prior to 14.6, update to tvOS 14.6 or later. For watchOS versions prior to 7.5, update to watchOS 7.5 or later. For iOS versions prior to 14.6, update to iOS 14.6 or later. For iPadOS versions prior to 14.6, update to iPadOS 14.6 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.4 tvOS versions prior to 14.6 watchOS versions prior to 7.5 **Description** Processing a maliciously crafted font may result in the disclosure of process memory. An out-of-bounds read was addressed with improved input validation. **Recommendations** For macOS versions prior to 11.4, update to macOS Big Sur 11.4 or later. For tvOS versions prior to 14.6, update to tvOS 14.6 or later. For watchOS versions prior to 7.5, update to watchOS 7.5 or later.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.3 watchOS versions prior to 7.4 Description: The issue allows arbitrary code execution when processing a maliciously crafted image. Recommendations: For macOS versions prior to 11.3, update to macOS Big Sur 11.3 to resolve the issue. For watchOS versions prior to 7.4, update to watchOS 7.4 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: iTunes versions prior to 12.11.3 for Windows Security Update versions prior to 2021-002 for Catalina Security Update versions prior to 2021-003 for Mojave iCloud for Windows versions prior to 12.3 macOS Big Sur versions prior to 11.3 watchOS versions prior to 7.4 tvOS versions prior to 14.5 iOS versions prior to 14.5 iPadOS versions prior to 14.5 Description: A logic issue was addressed with improved state management. Processing a maliciously crafted font may result in the disclosure of process memory. Recommendations: For iTunes versions prior to 12.11.3 for Windows, update to version 12.11.3 or later. For Security Update versions prior to 2021-002 for Catalina, apply Security Update 2021-002 or later. For Security Update versions prior to 2021-003 for Mojave, apply Security Update 2021-003 or later. For iCloud for Windows versions prior to 12.3, update to version 12.3 or later. For macOS Big Sur versions prior to 11.3, update to version 11.3 or later. For watchOS versions prior to 7.4, update to version 7.4 or later. For tvOS versions prior to 14.5, update to version 14.5 or later. For iOS versions prior to 14.5, update to version 14.5 or later. For iPadOS versions prior to 14.5, update to version 14.5 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.3 iOS versions prior to 14.5 iPadOS versions prior to 14.5 watchOS versions prior to 7.4 tvOS versions prior to 14.5 **Description** Processing a maliciously crafted image may lead to arbitrary code execution. The issue was addressed with improved checks. **Recommendations** For macOS versions prior to 11.3, update to macOS Big Sur 11.3. For iOS versions prior to 14.5, update to iOS 14.5. For iPadOS versions prior to 14.5, update to iPadOS 14.5. For watchOS versions prior to 7.4, update to watchOS 7.4. For tvOS versions prior to 14.5, update to tvOS 14.5.

Name of the Vulnerable Software and Affected Versions: macOS Big Sur versions prior to 11.3 watchOS versions prior to 7.4 Description: The issue allows arbitrary code execution when processing a maliciously crafted image. This is due to insufficient checks that have been improved in the fixed versions. Recommendations: For macOS Big Sur versions prior to 11.3, update to macOS Big Sur 11.3 to resolve the issue. For watchOS versions prior to 7.4, update to watchOS 7.4 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.3 iOS versions prior to 14.5 iPadOS versions prior to 14.5 watchOS versions prior to 7.4 tvOS versions prior to 14.5 Description: An out-of-bounds read issue was addressed with improved input validation. Processing a maliciously crafted font file may lead to arbitrary code execution. Recommendations: For macOS versions prior to 11.3, update to macOS Big Sur 11.3 or later. For iOS versions prior to 14.5, update to iOS 14.5 or later. For iPadOS versions prior to 14.5, update to iPadOS 14.5 or later. For watchOS versions prior to 7.4, update to watchOS 7.4 or later. For tvOS versions prior to 14.5, update to tvOS 14.5 or later. As a temporary workaround, consider avoiding the use of maliciously crafted font files until a patch is available.