Yuebinsun2020

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.6 macOS versions prior to 14.7.7 macOS versions prior to 13.7.7 **Description** A path handling issue was addressed with improved validation. An application may be able to break out of its sandbox. **Recommendations** Update to macOS version 15.6 or later. Update to macOS version 14.7.7 or later. Update to macOS version 13.7.7 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.5 macOS Big Sur versions prior to 11.6.8 Security Update versions prior to 2022-005 Catalina **Description** An access issue was addressed with improvements to the sandbox, allowing an app to potentially access sensitive user information. **Recommendations** For macOS versions prior to 12.5, update to macOS Monterey 12.5. For macOS Big Sur versions prior to 11.6.8, update to macOS Big Sur 11.6.8. For Security Update versions prior to 2022-005 Catalina, apply Security Update 2022-005 Catalina.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.4 macOS Big Sur versions prior to 11.6.6 **Description** The issue allows an app to bypass Privacy preferences. It was addressed with improved checks. **Recommendations** For macOS versions prior to 12.4, update to macOS Monterey 12.4. For macOS Big Sur versions prior to 11.6.6, update to macOS Big Sur 11.6.6.

**Name of the Vulnerable Software and Affected Versions** Apple tvOS versions prior to 15.4 Apple iOS versions prior to 15.4 Apple iPadOS versions prior to 15.4 Apple macOS Monterey versions prior to 12.3 Apple watchOS versions prior to 8.5 **Description** The issue allows a malicious application to read other applications' settings. This was addressed with additional permissions checks. **Recommendations** For Apple tvOS versions prior to 15.4, update to tvOS 15.4 or later. For Apple iOS versions prior to 15.4, update to iOS 15.4 or later. For Apple iPadOS versions prior to 15.4, update to iPadOS 15.4 or later. For Apple macOS Monterey versions prior to 12.3, update to macOS Monterey 12.3 or later. For Apple watchOS versions prior to 8.5, update to watchOS 8.5 or later.

**Name of the Vulnerable Software and Affected Versions** tvOS versions prior to 15.3 iOS versions prior to 15.3 iPadOS versions prior to 15.3 watchOS versions prior to 8.4 macOS Monterey versions prior to 12.2 **Description** A logic issue was addressed with improved validation. A malicious application may be able to gain root privileges. **Recommendations** For tvOS versions prior to 15.3, update to tvOS 15.3 or later. For iOS versions prior to 15.3, update to iOS 15.3 or later. For iPadOS versions prior to 15.3, update to iPadOS 15.3 or later. For watchOS versions prior to 8.4, update to watchOS 8.4 or later. For macOS Monterey versions prior to 12.2, update to macOS Monterey 12.2 or later.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 14.5 iPadOS versions prior to 14.5 Description: An issue was found that could potentially expose a user's password on screen due to inadequate password obscuring in screenshots. This issue has been addressed with improved logic. Recommendations: For iOS versions prior to 14.5, update to iOS 14.5 or later to resolve the issue. For iPadOS versions prior to 14.5, update to iPadOS 14.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 15 Apple iPadOS versions prior to 15 Apple tvOS versions prior to 15 Apple watchOS versions prior to 8 **Description** A logic issue was addressed with improved state management, which may allow a sandboxed process to circumvent sandbox restrictions. **Recommendations** For Apple iOS versions prior to 15, update to iOS 15 or later. For Apple iPadOS versions prior to 15, update to iPadOS 15 or later. For Apple tvOS versions prior to 15, update to tvOS 15 or later. For Apple watchOS versions prior to 8, update to watchOS 8 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.6.3 macOS Catalina versions prior to Security Update 2022-001 **Description** A malicious application may be able to bypass certain Privacy preferences due to this issue. The issue was addressed with improved checks. **Recommendations** For macOS Catalina, apply Security Update 2022-001 to resolve the issue. For macOS Big Sur, update to version 11.6.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.6.2 tvOS versions prior to 15.2 macOS Monterey versions prior to 12.1 macOS Catalina versions prior to Security Update 2021-008 iOS versions prior to 15.2 iPadOS versions prior to 15.2 watchOS versions prior to 8.3 **Description** A local attacker may be able to elevate their privileges due to this issue. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For macOS versions prior to 11.6.2, update to macOS Big Sur 11.6.2. For tvOS versions prior to 15.2, update to tvOS 15.2. For macOS Monterey versions prior to 12.1, update to macOS Monterey 12.1. For macOS Catalina versions prior to Security Update 2021-008, apply Security Update 2021-008. For iOS versions prior to 15.2, update to iOS 15.2. For iPadOS versions prior to 15.2, update to iPadOS 15.2. For watchOS versions prior to 8.3, update to watchOS 8.3.

**Name of the Vulnerable Software and Affected Versions** macOS Catalina versions prior to Security Update 2021-005 iOS versions prior to 14.8 iPadOS versions prior to 14.8 iOS version 15 iPadOS version 15 watchOS version 8 macOS Big Sur version 11.6 **Description** A validation issue existed in the handling of symlinks, which has been addressed with improved validation of symlinks. This issue may allow an application to access restricted files. **Recommendations** For macOS Catalina, apply Security Update 2021-005 to resolve the issue. For iOS and iPadOS, update to version 14.8 or later to resolve the issue. For watchOS, update to version 8 to resolve the issue. For macOS Big Sur, update to version 11.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS Big Sur versions prior to 11.6.2 macOS Catalina versions prior to Security Update 2021-008 **Description** A path handling issue was addressed with improved validation. This issue may cause unexpected JavaScript execution from a file on disk when processing a maliciously crafted URL. The vulnerability is related to insufficient input validation in the Help Viewer component of macOS Big Sur, which may allow an attacker to execute arbitrary JavaScript code. **Recommendations** For macOS Big Sur versions prior to 11.6.2, update to macOS Big Sur 11.6.2 or later to resolve the issue. For macOS Catalina versions prior to Security Update 2021-008, apply Security Update 2021-008 to resolve the issue. As a temporary workaround, consider restricting access to maliciously crafted URLs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 14.5 iPadOS versions prior to 14.5 tvOS versions prior to 14.5 watchOS versions prior to 7.4 macOS versions prior to 11.3 macOS Catalina versions prior to Security Update 2021-002 macOS Mojave versions prior to Security Update 2021-003 **Description** The issue is related to incorrect restriction of directory path names with limited access. Exploitation of this issue may allow an attacker to impact the integrity of protected information. A local user may be able to modify protected parts of the file system due to a parsing issue in the handling of directory paths. **Recommendations** For iOS versions prior to 14.5, update to iOS 14.5 or later. For iPadOS versions prior to 14.5, update to iPadOS 14.5 or later. For tvOS versions prior to 14.5, update to tvOS 14.5 or later. For watchOS versions prior to 7.4, update to watchOS 7.4 or later. For macOS Big Sur versions prior to 11.3, update to macOS Big Sur 11.3 or later. For macOS Catalina versions prior to Security Update 2021-002, apply Security Update 2021-002 or later. For macOS Mojave versions prior to Security Update 2021-003, apply Security Update 2021-003 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.3 iOS versions prior to 14.5 iPadOS versions prior to 14.5 watchOS versions prior to 7.4 tvOS versions prior to 14.5 **Description** The issue is related to a parsing problem in the handling of directory paths, which can be exploited to gain unauthorized access to protected information. A local user may be able to modify protected parts of the file system due to insufficient path validation. **Recommendations** For macOS versions prior to 11.3, apply Security Update 2021-002 Catalina. For iOS versions prior to 14.5, update to iOS 14.5 or later. For iPadOS versions prior to 14.5, update to iPadOS 14.5 or later. For watchOS versions prior to 7.4, update to watchOS 7.4 or later. For tvOS versions prior to 14.5, update to tvOS 14.5 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.3 iOS versions prior to 14.5 iPadOS versions prior to 14.5 watchOS versions prior to 7.4 tvOS versions prior to 14.5 **Description** A parsing issue in the handling of directory paths was addressed with improved path validation. This issue allows a local user to modify protected parts of the file system, potentially leading to privilege escalation. The vulnerability is related to insufficient validation of directory path names with restricted access. **Recommendations** For macOS versions prior to 11.3, update to macOS Big Sur 11.3 to resolve the issue. For iOS versions prior to 14.5, update to iOS 14.5 to resolve the issue. For iPadOS versions prior to 14.5, update to iPadOS 14.5 to resolve the issue. For watchOS versions prior to 7.4, update to watchOS 7.4 to resolve the issue. For tvOS versions prior to 14.5, update to tvOS 14.5 to resolve the issue.