Zhuo Liang

**Name of the Vulnerable Software and Affected Versions** macOS Big Sur versions prior to 11.2 Security Update 2021-001 Catalina Security Update 2021-001 Mojave macOS Big Sur version 11.0.1 **Description** An integer overflow issue was addressed through improved input validation. The issue may lead to arbitrary code execution when processing maliciously crafted web content. **Recommendations** For macOS Big Sur versions prior to 11.2, update to macOS Big Sur 11.2 or later. For Security Update 2021-001 Catalina, apply Security Update 2021-001 or later. For Security Update 2021-001 Mojave, apply Security Update 2021-001 or later. For macOS Big Sur version 11.0.1, update to macOS Big Sur 11.2 or later.

**Name of the Vulnerable Software and Affected Versions** macOS Mojave versions prior to 10.14.5 Security Update versions prior to 2019-003 High Sierra Security Update versions prior to 2019-003 Sierra watchOS versions prior to 5.2 macOS Mojave version 10.14.4 Security Update versions prior to 2019-002 High Sierra Security Update versions prior to 2019-002 Sierra iOS versions prior to 12.2 **Description** A memory corruption issue was addressed with improved state management, allowing an application to potentially execute arbitrary code with kernel privileges. **Recommendations** For macOS Mojave versions prior to 10.14.5, update to macOS Mojave 10.14.5. For Security Update versions prior to 2019-003 High Sierra, apply Security Update 2019-003. For Security Update versions prior to 2019-003 Sierra, apply Security Update 2019-003. For watchOS versions prior to 5.2, update to watchOS 5.2. For macOS Mojave version 10.14.4, update to macOS Mojave 10.14.5. For Security Update versions prior to 2019-002 High Sierra, apply Security Update 2019-003. For Security Update versions prior to 2019-002 Sierra, apply Security Update 2019-003. For iOS versions prior to 12.2, update to iOS 12.2.

**Name of the Vulnerable Software and Affected Versions** Apple macOS versions prior to 10.15.2 Apple macOS versions prior to Security Update 2019-002 Mojave Apple macOS versions prior to Security Update 2019-007 High Sierra Apple iOS versions prior to 13.3 Apple iPadOS versions prior to 13.3 Apple tvOS versions prior to 13.3 Apple watchOS versions prior to 6.1.1 Apple iCloud for Windows versions prior to 10.9 Apple iCloud for Windows versions prior to 7.16 Apple iTunes for Windows versions prior to 12.10.3 **Description** An application may be able to gain elevated privileges due to an issue that has been addressed with improved checks. **Recommendations** For macOS versions prior to 10.15.2, update to macOS Catalina 10.15.2 or later. For macOS versions prior to Security Update 2019-002 Mojave, apply Security Update 2019-002 Mojave or later. For macOS versions prior to Security Update 2019-007 High Sierra, apply Security Update 2019-007 High Sierra or later. For iOS versions prior to 13.3, update to iOS 13.3 or later. For iPadOS versions prior to 13.3, update to iPadOS 13.3 or later. For tvOS versions prior to 13.3, update to tvOS 13.3 or later. For watchOS versions prior to 6.1.1, update to watchOS 6.1.1 or later. For iCloud for Windows versions prior to 10.9, update to iCloud for Windows 10.9 or later. For iCloud for Windows versions prior to 7.16, update to iCloud for Windows 7.16 or later. For iTunes for Windows versions prior to 12.10.3, update to iTunes 12.10.3 for Windows or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15 tvOS versions prior to 13 watchOS versions prior to 6 iOS versions prior to 13 **Description** A memory corruption issue existed in the handling of IPv6 packets due to improper memory management. This could allow a malicious application to determine kernel memory layout. The issue was addressed with improved memory management. **Recommendations** For macOS versions prior to 10.15, update to macOS Catalina 10.15 or later. For tvOS versions prior to 13, update to tvOS 13 or later. For watchOS versions prior to 6, update to watchOS 6 or later. For iOS versions prior to 13, update to iOS 13 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15.1 Security Update versions prior to 2019-001 Security Update versions prior to 2019-006 **Description** A memory corruption issue was addressed with improved memory handling, allowing an application to potentially execute arbitrary code with system privileges. **Recommendations** For macOS versions prior to 10.15.1, update to macOS Catalina 10.15.1 or later. For systems requiring Security Update 2019-001 or 2019-006, apply the respective security update to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.5 Security Update versions prior to 2019-003 High Sierra Security Update versions prior to 2019-003 Sierra iOS versions prior to 12.3 tvOS versions prior to 12.3 watchOS versions prior to 5.3 **Description** A validation issue was addressed with improved input sanitization. An application may be able to read restricted memory. **Recommendations** For macOS versions prior to 10.14.5, update to macOS Mojave 10.14.5. For Security Update versions prior to 2019-003 High Sierra, apply Security Update 2019-003 High Sierra. For Security Update versions prior to 2019-003 Sierra, apply Security Update 2019-003 Sierra. For iOS versions prior to 12.3, update to iOS 12.3. For tvOS versions prior to 12.3, update to tvOS 12.3. For watchOS versions prior to 5.3, update to watchOS 5.3.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.6 iPadOS versions prior to 13.6 macOS Catalina versions prior to 10.15.6 tvOS versions prior to 13.4.8 watchOS versions prior to 6.2.8 **Description** A memory corruption issue was addressed by removing the vulnerable code. This issue may allow a malicious application to break out of its sandbox. **Recommendations** For iOS versions prior to 13.6, update to iOS 13.6 or later. For iPadOS versions prior to 13.6, update to iPadOS 13.6 or later. For macOS Catalina versions prior to 10.15.6, update to macOS Catalina 10.15.6 or later. For tvOS versions prior to 13.4.8, update to tvOS 13.4.8 or later. For watchOS versions prior to 6.2.8, update to watchOS 6.2.8 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15.5 **Description** The issue involves an out-of-bounds read that has been addressed with improved bounds checking. A malicious application may be able to break out of its sandbox. **Recommendations** For versions prior to 10.15.5, update to macOS Catalina 10.15.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.5 iPadOS versions prior to 13.5 macOS Catalina versions prior to 10.15.5 tvOS versions prior to 13.4.5 watchOS versions prior to 6.2.5 **Description** A use after free issue was addressed with improved memory management. This allows an application to potentially execute arbitrary code with kernel privileges. **Recommendations** For iOS versions prior to 13.5, update to iOS 13.5 or later. For iPadOS versions prior to 13.5, update to iPadOS 13.5 or later. For macOS Catalina versions prior to 10.15.5, update to macOS Catalina 10.15.5 or later. For tvOS versions prior to 13.4.5, update to tvOS 13.4.5 or later. For watchOS versions prior to 6.2.5, update to watchOS 6.2.5 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15.3 **Description** A memory corruption issue was addressed with improved memory handling, allowing an application to potentially execute arbitrary code with system privileges. **Recommendations** For versions prior to 10.15.3, update to macOS Catalina 10.15.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.3.1 iPadOS versions prior to 13.3.1 macOS Catalina versions prior to 10.15.3 tvOS versions prior to 13.3.1 watchOS versions prior to 6.1.2 **Description** A memory corruption issue was addressed with improved memory handling, allowing an application to potentially execute arbitrary code with system privileges. **Recommendations** For iOS versions prior to 13.3.1, update to iOS 13.3.1 or later. For iPadOS versions prior to 13.3.1, update to iPadOS 13.3.1 or later. For macOS Catalina versions prior to 10.15.3, update to macOS Catalina 10.15.3 or later. For tvOS versions prior to 13.3.1, update to tvOS 13.3.1 or later. For watchOS versions prior to 6.1.2, update to watchOS 6.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.4 **Description** A buffer overflow issue was addressed through improved size validation, which could allow a malicious application to execute arbitrary code with kernel privileges. **Recommendations** For versions prior to 10.14.4, update to macOS Mojave 10.14.4 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.14.2 Description: An out-of-bounds read issue was addressed through improved input validation. Recommendations: For versions prior to 10.14.2, update to macOS Mojave 10.14.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.1.3 macOS Mojave versions prior to 10.14.3 tvOS versions prior to 12.1.2 watchOS versions prior to 5.1.3 **Description** A memory initialization issue was addressed with improved memory handling. A malicious application may be able to break out of its sandbox. **Recommendations** For iOS versions prior to 12.1.3, update to iOS 12.1.3 or later. For macOS Mojave versions prior to 10.14.3, update to macOS Mojave 10.14.3 or later. For tvOS versions prior to 12.1.2, update to tvOS 12.1.2 or later. For watchOS versions prior to 5.1.3, update to watchOS 5.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.1.3 macOS Mojave versions prior to 10.14.3 tvOS versions prior to 12.1.2 watchOS versions prior to 5.1.3 **Description** The issue allows a malicious application to read restricted memory due to an out-of-bounds read. This was addressed with improved bounds checking. **Recommendations** For iOS versions prior to 12.1.3, update to iOS 12.1.3 or later. For macOS Mojave versions prior to 10.14.3, update to macOS Mojave 10.14.3 or later. For tvOS versions prior to 12.1.2, update to tvOS 12.1.2 or later. For watchOS versions prior to 5.1.3, update to watchOS 5.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 12.1.3 Apple tvOS versions prior to 12.1.2 Apple watchOS versions prior to 5.1.3 Apple Safari versions prior to 12.0.3 Apple iTunes for Windows versions prior to 12.9.3 Apple iCloud for Windows versions prior to 7.10 **Description** The issue is related to memory corruption and can be triggered by processing maliciously crafted web content, potentially leading to arbitrary code execution. It is caused by a buffer overflow in the WebKit display module. A remote attacker can exploit this issue using a specially crafted web page, allowing for remote code execution. **Recommendations** For iOS versions prior to 12.1.3, update to iOS 12.1.3 or later. For tvOS versions prior to 12.1.2, update to tvOS 12.1.2 or later. For watchOS versions prior to 5.1.3, update to watchOS 5.1.3 or later. For Safari versions prior to 12.0.3, update to Safari 12.0.3 or later. For iTunes for Windows versions prior to 12.9.3, update to iTunes 12.9.3 or later. For iCloud for Windows versions prior to 7.10, update to iCloud for Windows 7.10 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 12 Apple macOS versions prior to 10.14 **Description** A memory corruption issue was addressed with improved memory handling. **Recommendations** For Apple iOS versions prior to 12, update to iOS 12 or later. For Apple macOS versions prior to 10.14, update to macOS 10.14 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.5 **Description** The issue involves the `Hypervisor` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This is caused by a buffer overflow in memory. **Recommendations** For macOS versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `Hypervisor` component until a patch is available.