CVE-2021-30733

Name of the Vulnerable Software and Affected Versions Apple tvOS versions prior to 14.6 Apple iOS versions prior to 14.6 Apple iPadOS versions prior to 14.6 Apple macOS versions prior to 11.4 Apple watchOS versions prior to 7.5 macOS Catalina versions prior to Security Update 2021-004 macOS Mojave versions prior to Security Update 2021-005

Description The issue is related to an out-of-bounds read in the CoreText application programming interface of Apple operating systems, including iOS, macOS, iPadOS, iPhoneOS, watchOS, and tvOS. This occurs when processing a maliciously crafted font file, potentially allowing a remote attacker to access protected information. The exploitation of this issue may result in the disclosure of process memory.

Recommendations For tvOS versions prior to 14.6, update to tvOS 14.6 or later. For iOS versions prior to 14.6, update to iOS 14.6 or later. For iPadOS versions prior to 14.6, update to iPadOS 14.6 or later. For macOS Big Sur versions prior to 11.4, update to macOS Big Sur 11.4 or later. For watchOS versions prior to 7.5, update to watchOS 7.5 or later. For macOS Catalina, apply Security Update 2021-004 or later. For macOS Mojave, apply Security Update 2021-005 or later.