CVE-2021-30834

Name of the Vulnerable Software and Affected Versions iOS versions prior to 14.8 iPadOS versions prior to 14.8 tvOS versions prior to 15 watchOS versions prior to 8 Mac OS (affected versions not specified)

Description A logic issue was addressed with improved state management. Processing a malicious audio file may result in unexpected application termination or arbitrary code execution. The issue is related to insufficient input validation, which may allow an attacker to execute arbitrary code using a specially crafted file.

Recommendations For iOS versions prior to 14.8, update to iOS 14.8 or later. For iPadOS versions prior to 14.8, update to iPadOS 14.8 or later. For tvOS versions prior to 15, update to tvOS 15 or later. For watchOS versions prior to 8, update to watchOS 8 or later. For Mac OS, apply Security Update 2021-007 Catalina. As a temporary workaround, consider avoiding the use of malicious audio files until a patch is available.