The issue was addressed with improved permissions logic. This issue is fixed in iOS 14.6 and iPadOS 14.6. A user may be unable to fully delete browsing history.

Released May 24, 2021

**Audio**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day Initiative

**Audio**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information

Description: This issue was addressed with improved checks.

CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro

**AVEVideoEncoder**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to cause unexpected system termination or write kernel memory

Description: A race condition was addressed with improved state handling.

CVE-2021-30714: @08Tc3wBB of ZecOps, and George Nosenko

**CommCenter**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A device may accept invalid activation results

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30729: CHRISTIAN MINA

**Core Services**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to gain root privileges

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2021-30681: Zhongcheng Li (CK01)

**CoreAudio**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted audio file may disclose restricted memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30686: Mickey Jin of Trend Micro

**CoreText**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An out-of-bounds read was addressed with improved input validation

Description: Processing a maliciously crafted font may result in the disclosure of process memory.

CVE-2021-30733: Sunglin from the Knownsec 404

CVE-2021-30753: Xingwei Lin of Ant Security Light-Year Lab

Entry added July 21, 2021

**Crash Reporter**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved state management.

CVE-2021-30727: Cees Elzinga

**CVMS**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to elevate  their privileges

Description: This issue was addressed with improved checks.

CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro

**FontParser**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2021-30771: Mickey Jin (@patch1t) of Trend Micro, CFF of Topsec Alpha Team

Entry added January 19, 2022

**Heimdal**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local user may be able to leak sensitive user information

Description: A logic issue was addressed with improved state management.

CVE-2021-30697: Gabe Kirkpatrick (@gabe\_k)

**Heimdal**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may cause a denial of service or potentially disclose memory contents

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30710: Gabe Kirkpatrick (@gabe\_k)

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to disclosure of user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to disclosure of user information

Description: This issue was addressed with improved checks.

CVE-2021-30700: Ye Zhang(@co0py\_Cat) of Baidu Security

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of Baidu Security

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted ASTC file may disclose memory contents

Description: This issue was addressed with improved checks.

CVE-2021-30705: Ye Zhang of Baidu Security

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: This issue was addressed with improved checks

Description: Processing a maliciously crafted image may lead to disclosure of user information.

CVE-2021-30706: Anonymous working with Trend Micro Zero Day Initiative, Jzhu working with Trend Micro Zero Day Initiative

Entry added July 21, 2021

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A logic issue was addressed with improved validation.

CVE-2021-30740: Linus Henze (pinauten.de)

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may disclose restricted memory

Description: This issue was addressed with improved checks.

CVE-2021-30674: Siddharth Aeri (@b1n4r1b01)

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A logic issue was addressed with improved state management.

CVE-2021-30704: an anonymous researcher

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted message may lead to a denial of service

Description: A logic issue was addressed with improved state management.

CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved size validation.

CVE-2021-30736: Ian Beer of Google Project Zero

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A double free issue was addressed with improved memory management

Description: An application may be able to execute arbitrary code with kernel privileges.

CVE-2021-30703: an anonymous researcher

Entry added July 21, 2021

**LaunchServices**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to break out of its sandbox

Description: This issue was addressed with improved environment sanitization.

CVE-2021-30677: Ron Waisberg (@epsilan)

**Mail**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted mail message may lead to unexpected memory modification or application termination

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30741: SYMaster of ZecOps Mobile EDR Team

**MediaRemote**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A privacy issue in Now Playing was addressed with improved permissions

Description: A local attacker may be able to view Now Playing information from the lock screen.

CVE-2021-30756: Ricky D'Amelio, Jatayu Holznagel (@jholznagel)

Entry added July 21, 2021

**Model I/O**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: An information disclosure issue was addressed with improved state management.

CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro

CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro

CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro

CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro

**Model I/O**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro

**Model I/O**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro

**Model I/O**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A validation issue was addressed with improved logic.

CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro

**Model I/O**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro

**Model I/O**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend Micro

**Model I/O**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: This issue was addressed with improved checks.

CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro

**Networking**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Visiting a maliciously crafted webpage may lead to a system denial of service

Description: A logic issue was addressed with improved state management.

CVE-2021-1821: Georgi Valkov (httpstorm.com)

Entry added January 19, 2022

**Notes**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may be able to view restricted content from the lockscreen

Description: A window management issue was addressed with improved state management.

CVE-2021-30699: videosdebarraquito

**Safari**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may be unable to fully delete browsing history

Description: The issue was addressed with improved permissions logic.

CVE-2021-30999: an anonymous researcher

Entry added May 25, 2022

**Security**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted certificate may lead to arbitrary code execution

Description: A memory corruption issue in the ASN.1 decoder was addressed by removing the vulnerable code.

CVE-2021-30737: xerub

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A cross-origin issue with iframe elements was addressed with improved tracking of security origins.

CVE-2021-30744: Dan Hite of jsontop

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2021-21779: Marcin Towalski of Cisco Talos

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to leak sensitive user information

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30682: Prakash (@1lastBr3ath)

Entry updated on July 21, 2021

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved state management.

CVE-2021-30689: an anonymous researcher

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab, ASU. working with Trend Micro Zero Day Initiative

CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems) working with Trend Micro Zero Day Initiative

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious website may be able to access restricted ports on arbitrary servers

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30720: David Schütz (@xdavidhu)

**WebRTC**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause a denial of service

Description: A null pointer dereference was addressed with improved input validation.

CVE-2021-23841: Tavis Ormandy of Google

CVE-2021-30698: Tavis Ormandy of Google

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An attacker in WiFi range may be able to force a client to use a less secure authentication mechanism

Description: A logic issue was addressed with improved validation.

CVE-2021-30667: Raul Siles of DinoSec (@dinosec)

CVE-2021-30999: About the security content of iOS 14.6 and iPadOS 14.6

Description: A permissions issue was addressed with improved validation. This issue is fixed in watchOS 7.6, tvOS 14.7, macOS Big Sur 11.5. A malicious application may be able to bypass certain Privacy preferences.

Released July 19, 2021

**Analytics**

Available for: Apple TV 4K and Apple TV HD

Impact: A local attacker may be able to access analytics data

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30871: Denis Tokarev (@illusionofcha0s)

Entry added May 25, 2022

**App Store**

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A permissions issue was addressed with improved validation.

CVE-2021-31006: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added May 25, 2022

**Audio**

Available for: Apple TV 4K and Apple TV HD

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30781: tr3e

**AVEVideoEncoder**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30748: George Nosenko

Entry added January 19, 2022

**CoreAudio**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30775: JunDong Xie of Ant Security Light-Year Lab

**CoreAudio**

Available for: Apple TV 4K and Apple TV HD

Impact: Playing a malicious audio file may lead to an unexpected application termination

Description: A logic issue was addressed with improved validation.

CVE-2021-30776: JunDong Xie of Ant Security Light-Year Lab

**CoreText**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30789: Mickey Jin (@patch1t) of Trend Micro, Sunglin of Knownsec 404 team

**Crash Reporter**

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to gain root privileges

Description: A logic issue was addressed with improved validation.

CVE-2021-30774:  Yizhuo Wang of Group of Software Security In Progress (G.O.S.S.I.P) at Shanghai Jiao Tong University

**CVMS**

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to gain root privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30780: Tim Michaud(@TimGMichaud) of Zoom Video Communications

**dyld**

Available for: Apple TV 4K and Apple TV HD

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A logic issue was addressed with improved validation.

CVE-2021-30768: Linus Henze (pinauten.de)

**FontParser**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: An integer overflow was addressed through improved input validation.

CVE-2021-30760: Sunglin of Knownsec 404 team

**FontParser**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents

Description: This issue was addressed with improved checks.

CVE-2021-30788: tr3e working with Trend Micro Zero Day Initiative

**FontParser**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted font file may lead to arbitrary code execution

Description: A stack overflow was addressed with improved input validation.

CVE-2021-30759: hjy79425575 working with Trend Micro Zero Day Initiative

**Identity Service**

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to bypass code signing checks

Description: An issue in code signature validation was addressed with improved checks.

CVE-2021-30773: Linus Henze (pinauten.de)

**Image Processing**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30802: Matthew Denton of Google Chrome Security

**ImageIO**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30779: Jzhu, Ye Zhang(@co0py\_Cat) of Baidu Security

**ImageIO**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2021-30785: CFF of Topsec Alpha Team, Mickey Jin (@patch1t) of Trend Micro

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious attacker with arbitrary read and write capability may be able to bypass Pointer Authentication

Description: A logic issue was addressed with improved state management.

CVE-2021-30769: Linus Henze (pinauten.de)

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: An attacker that has already achieved kernel code execution may be able to bypass kernel memory mitigations

Description: A logic issue was addressed with improved validation.

CVE-2021-30770: Linus Henze (pinauten.de)

**libxml2**

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker may be able to cause arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-3518

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved state handling.

CVE-2021-30758: Christoph Guttandin of Media Codings

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30795: Sergei Glazunov of Google Project Zero

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to code execution

Description: This issue was addressed with improved checks.

CVE-2021-30797:  Ivan Fratric of Google Project Zero

CVE-2021-31006: About the security content of tvOS 14.7

This issue was addressed with improved checks. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1. A local attacker may be able to cause unexpected application termination or arbitrary code execution.

Released October 26, 2021

**Audio**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to elevate privileges

Description: An integer overflow was addressed through improved input validation.

CVE-2021-30907: Zweig of Kunlun Lab

**ColorSync**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation.

CVE-2021-30926: Jeremy Brown

Entry added May 25, 2022

**ColorSync**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation.

CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero

**Continuity Camera**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An uncontrolled format string issue was addressed with improved input validation.

CVE-2021-30903: Gongyu Ma of Hangzhou Dianzi University

Entry updated May 25, 2022

**CoreGraphics**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2021-30919

**GPU Drivers**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30900: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab

**IOMobileFrameBuffer**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30883: an anonymous researcher

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30909: Zweig of Kunlun Lab

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30916: Zweig of Kunlun Lab

**Sidecar**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30903: an anonymous researcher

**Status Bar**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may be able to view restricted content from the Lock Screen

Description: A Lock Screen issue was addressed with improved state management.

CVE-2021-30918: videosdebarraquito

**Voice Control**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30902: 08Tc3wBB of ZecOps Mobile EDR Team

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious website using Content Security Policy reports may be able to leak information via redirect behavior 

Description: An information leakage issue was addressed.

CVE-2021-30888: Prakash (@1lastBr3ath)

CVE-2021-30903: About the security content of iOS 14.8.1 and iPadOS 14.8.1

A memory corruption issue was addressed with improved input validation. This issue is fixed in macOS Big Sur 11.6, watchOS 8, tvOS 15, iOS 14.8 and iPadOS 14.8, iOS 15 and iPadOS 15. Processing a maliciously crafted image may lead to arbitrary code execution.

Released September 20, 2021

**Accessory Manager**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory consumption issue was addressed with improved memory handling.

CVE-2021-30837: Siddharth Aeri (@b1n4r1b01)

**AppleMobileFileIntegrity**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to read sensitive information

Description: This issue was addressed with improved checks.

CVE-2021-30811: an anonymous researcher working with Compartir

**Apple Neural Engine**

Available for devices with Apple Neural Engine: iPhone 8 and later, iPad Pro (3rd generation) and later, iPad Air (3rd generation) and later, and iPad mini (5th generation) 

Impact: A malicious application may be able to execute arbitrary code with system privileges on devices with an Apple Neural Engine

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30838: proteas wang

**bootp**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A device may be passively tracked by its WiFi MAC address

Description: A user privacy issue was addressed by removing the broadcast MAC address.

CVE-2021-30866: Fabien Duchêne of UCLouvain (Belgium)

Entry added October 25, 2021

**CoreAudio**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a malicious audio file may result in unexpected application termination or arbitrary code execution

Description: A logic issue was addressed with improved state management.

CVE-2021-30834: JunDong Xie of Ant Security Light-Year Lab

Entry added October 25, 2021

**CoreGraphics**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2021-30928: Mickey Jin (@patch1t) of Trend Micro

Entry added January 19, 2022

**CoreML**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30825: hjy79425575 working with Trend Micro Zero Day Initiative

**Face ID**

Available for devices with Face ID: iPhone X, iPhone XR, iPhone XS (all models), iPhone 11 (all models), iPhone 12 (all models), iPad Pro (11-inch), and iPad Pro (3rd generation)

Impact: A 3D model constructed to look like the enrolled user may be able to authenticate via Face ID

Description: This issue was addressed by improving Face ID anti-spoofing models.

CVE-2021-30863: Wish Wu (吴潍浠 @wish\_wu) of Ant Group Tianqiong Security Lab

Entry updated January 19, 2022

**FaceTime**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An attacker with physical access to a device may be able to see private contact information

Description: The issue was addressed with improved permissions logic.

CVE-2021-30816: Atharv (@atharv0x0)

Entry added October 25, 2021

**FaceTime**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application with microphone permission may unexpectedly access microphone input during a FaceTime call

Description: A logic issue was addressed with improved validation.

CVE-2021-30882: Adam Bellard and Spencer Reitman of Airtime

Entry added October 25, 2021

**FontParser**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted font may result in the disclosure of process memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30831: Xingwei Lin of Ant Security Light-Year Lab

Entry added October 25, 2021

**FontParser**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30840: Xingwei Lin of Ant Security Light-Year Lab

Entry added October 25, 2021

**FontParser**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted dfont file may lead to arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30841: Xingwei Lin of Ant Security Light-Year Lab

CVE-2021-30842: Xingwei Lin of Ant Security Light-Year Lab

CVE-2021-30843: Xingwei Lin of Ant Security Light-Year Lab

**Foundation**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved memory handling.

CVE-2021-30852: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab

Entry added October 25, 2021

**iCloud Photo Library**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to access photo metadata without needing permission to access photos

Description: The issue was addressed with improved authentication.

CVE-2021-30867: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added October 25, 2021

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved input validation.

CVE-2021-30814: hjy79425575

Entry added October 25, 2021

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30835: Ye Zhang of Baidu Security

CVE-2021-30847: Mike Zhang of Pangu Lab

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2021-30857: Manish Bhatt of Red Team X @Meta, Zweig of Kunlun Lab

Entry updated May 25, 2022

**libexpat**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A remote attacker may be able to cause a denial of service

Description: This issue was addressed by updating expat to version 2.4.1.

CVE-2013-0340: an anonymous researcher

**Model I/O**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30819: Apple

**NetworkExtension**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A VPN configuration may be installed by an app without user permission

Description: An authorization issue was addressed with improved state management.

CVE-2021-30874: Javier Vieira Boccardo (linkedin.com/javier-vieira-boccardo)

Entry added October 25, 2021

**Preferences**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to access restricted files

Description: A validation issue existed in the handling of symlinks. This issue was addressed with improved validation of symlinks.

CVE-2021-30855: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

**Preferences**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A sandboxed process may be able to circumvent sandbox restrictions

Description: A logic issue was addressed with improved state management.

CVE-2021-30854: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

**Privacy**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to access some of the user's Apple ID information, or recent in-app search terms

Description: An access issue was addressed with additional sandbox restrictions on third party applications.

CVE-2021-30898: Steven Troughton-Smith of High Caffeine Content (@stroughtonsmith)

Entry added January 19, 2022

**Quick Look**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Previewing an html file attached to a note may unexpectedly contact remote servers

Description: A logic issue existed in the handling of document loads. This issue was addressed with improved state management.

CVE-2021-30870: Saif Hamed Al Hinai Oman CERT

Entry added October 25, 2021

**Sandbox**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to bypass Privacy preferences

Description: The issue was addressed with improved permissions logic.

CVE-2021-30925: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added January 19, 2022

**Sandbox**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to modify protected parts of the file system

Description: This issue was addressed with improved checks.

CVE-2021-30808: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added October 25, 2021

**Siri**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to view contacts from the lock screen

Description: A lock screen issue allowed access to contacts on a locked device. This issue was addressed with improved state management.

CVE-2021-30815: Anshraj Srivastava (@AnshrajSrivas14) of UKEF

Entry updated January 19, 2022

**Telephony**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An attacker in a privileged network position may be able to leak sensitive user information

Description: An access issue was addressed with improved access restrictions.

CVE-2021-31001: Rajanish Pathak (@h4ckologic) and Hardik Mehta (@hardw00t)

Entry added May 25, 2022

**Telephony**

Available for: iPhone SE (1st generation), iPad Pro 12.9-inch, iPad Air 2, iPad (5th generation), and iPad mini 4

Impact: In certain situations, the baseband would fail to enable integrity and ciphering protection

Description: A logic issue was addressed with improved state management.

CVE-2021-30826: CheolJun Park, Sangwook Bae and BeomSeok Oh of KAIST SysSec Lab

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Turning off "Block all remote content" may not apply to all remote content types

Description: A logic issue was addressed with improved state management.

CVE-2021-31005: Jonathan Austin of Wells Fargo, Attila Soki

Entry added March 31, 2022

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to code execution

Description: A type confusion issue was addressed with improved memory handling.

CVE-2021-31008

Entry added March 31, 2022

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious website may exfiltrate data cross-origin

Description: An issue existed in the specification for the resource timing API. The specification was updated and the updated specification was implemented.

CVE-2021-30897: an anonymous researcher

Entry added January 19, 2022

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Visiting a maliciously crafted website may reveal a user's browsing history

Description: The issue was resolved with additional restrictions on CSS compositing.

CVE-2021-30884: an anonymous researcher

Entry added October 25, 2021

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved state handling.

CVE-2021-30818: Amar Menezes (@amarekano) of Zon8Research

Entry added October 25, 2021

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted audio file may disclose restricted memory

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30836: Peter Nguyen Vu Hoang of STAR Labs

Entry added October 25, 2021

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30809: an anonymous researcher

Entry added October 25, 2021

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30846: Sergei Glazunov of Google Project Zero

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to code execution

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30848: Sergei Glazunov of Google Project Zero

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: Multiple memory corruption issues were addressed with improved memory handling.

CVE-2021-30849: Sergei Glazunov of Google Project Zero

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to code execution

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2021-30851: Samuel Groß of Google Project Zero

**Wi-Fi**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An attacker in physical proximity may be able to force a user onto a malicious Wi-Fi network during device setup

Description: An authorization issue was addressed with improved state management.

CVE-2021-30810: Peter Scott

Entry updated January 19, 2022

CVE-2021-30928: About the security content of iOS 15 and iPadOS 15

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, macOS Big Sur 11.6.2. A malicious application may be able to bypass Privacy preferences.

Released December 13, 2021

**Airport**

Available for: macOS Monterey

Impact: A device may be passively tracked via BSSIDs

Description: An access issue was addressed with improved access restrictions.

CVE-2021-30987: Jason Meller, Fritz Ifert-Miller, and Joseph Sokol-Margolis of Kolide

**Archive Utility**

Available for: macOS Monterey

Impact: A malicious application may bypass Gatekeeper checks

Description: A logic issue was addressed with improved state management.

CVE-2021-30950: @gorelics

**Audio**

Available for: macOS Monterey

Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab

**Bluetooth**

Available for: macOS Monterey

Impact: A device may be passively tracked by its Bluetooth MAC address

Description: A device configuration issue was addressed with an updated configuration.

CVE-2021-30986: Min (Spark) Zheng, Xiaolong Bai of Alibaba Inc.

**CFNetwork Proxies**

Available for: macOS Monterey

Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations

Description: A logic issue was addressed with improved state management.

CVE-2021-30966: Michal Rajcan of Jamf, Matt Vlasach of Jamf (Wandera)

**ColorSync**

Available for: macOS Monterey

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation.

CVE-2021-30926: Jeremy Brown

CVE-2021-30942: Mateusz Jurczyk of Google Project Zero

**CoreAudio**

Available for: macOS Monterey

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab

**CoreAudio**

Available for: macOS Monterey

Impact: Playing a malicious audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab

**Crash Reporter**

Available for: macOS Monterey

Impact: A local attacker may be able to elevate their privileges

Description: This issue was addressed with improved checks.

CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

**Graphics Drivers**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2021-30977: Jack Dates of RET2 Systems, Inc.

**ImageIO**

Available for: macOS Monterey

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro

**Intel Graphics Driver**

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2021-30981: Liu Long of Ant Security Light-Year Lab, an anonymous researcher

**IOMobileFrameBuffer**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30996: Saar Amar (@AmarSaar)

**IOUSBHostFamily**

Available for: macOS Monterey

Impact: A remote attacker may be able to cause unexpected application termination or heap corruption

Description: A race condition was addressed with improved locking.

CVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America

**Kernel**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2021-30937: Sergei Glazunov of Google Project Zero

**Kernel**

Available for: macOS Monterey

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30927: Xinru Chi of Pangu Lab

CVE-2021-30980: Xinru Chi of Pangu Lab

**Kernel**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30949: Ian Beer of Google Project Zero

**Kernel**

Available for: macOS Monterey

Impact: An attacker in a privileged network position may be able to execute arbitrary code

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero

**Kernel**

Available for: macOS Monterey

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30955: Zweig of Kunlun Lab

**LaunchServices**

Available for: macOS Monterey

Impact: A malicious application may bypass Gatekeeper checks

Description: A logic issue was addressed with improved state management.

CVE-2021-30976: chenyuwang (@mzzzz\_\_) and Kirin (@Pwnrin) of Tencent Security Xuanwu Lab

**LaunchServices**

Available for: macOS Monterey

Impact: A malicious application may bypass Gatekeeper checks

Description: A logic issue was addressed with improved validation.

CVE-2021-30990: Ron Masas of BreakPoint.sh

**Model I/O**

Available for: macOS Monterey

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30971: Ye Zhang (@co0py\_Cat) of Baidu Security

**Model I/O**

Available for: macOS Monterey

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30973: Ye Zhang (@co0py\_Cat) of Baidu Security

**Model I/O**

Available for: macOS Monterey

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

**Model I/O**

Available for: macOS Monterey

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro

**Model I/O**

Available for: macOS Monterey

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

**Preferences**

Available for: macOS Monterey

Impact: A malicious application may be able to elevate privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)

**Sandbox**

Available for: macOS Monterey

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions.

CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security

**Sandbox**

Available for: macOS Monterey

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30946: @gorelics

**Sandbox**

Available for: macOS Monterey

Impact: An application may be able to access a user's files

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security

**Script Editor**

Available for: macOS Monterey

Impact: A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions

Description: This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary.

CVE-2021-30975: Ryan Pickren (ryanpickren.com)

**TCC**

Available for: macOS Monterey

Impact: A local user may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved state management.

CVE-2021-30767: @gorelics

**TCC**

Available for: macOS Monterey

Impact: A malicious application may be able to bypass Privacy preferences

Description: An inherited permissions issue was addressed with additional restrictions.

CVE-2021-30964: Andy Grant of Zoom Video Communications

**TCC**

Available for: macOS Monterey

Impact: A malicious application may be able to bypass Privacy preferences

Description: A logic issue was addressed with improved state management.

CVE-2021-30970: Jonathan Bar Or of Microsoft

**TCC**

Available for: macOS Monterey

Impact: A malicious application may be able to cause a denial of service to Endpoint Security clients

Description: A logic issue was addressed with improved state management.

CVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30934: Dani Biro

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30936: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

CVE-2021-30951: Pangu

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An integer overflow was addressed with improved input validation.

CVE-2021-30952: WeBin

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A race condition was addressed with improved state handling.

CVE-2021-30984: Kunlun Lab

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30953: VRIJ

**WebKit**

Available for: macOS Monterey

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved memory handling.

CVE-2021-30954: Kunlun Lab

**Wi-Fi**

Available for: macOS Monterey

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: This issue was addressed with improved checks.

CVE-2021-30938: Xinru Chi of Pangu Lab

CVE-2021-30970: About the security content of macOS Monterey 12.1

A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.1, watchOS 8.3, iOS 15.2 and iPadOS 15.2, tvOS 15.2. User traffic might unexpectedly be leaked to a proxy server despite PAC configurations.

Released December 13, 2021

**Audio**

Available for: Apple Watch Series 3 and later

Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab

**CFNetwork Proxies**

Available for: Apple Watch Series 3 and later

Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations

Description: A logic issue was addressed with improved state management.

CVE-2021-30966: Michal Rajcan of Jamf, Matt Vlasach of Jamf (Wandera)

**ColorSync**

Available for: Apple Watch Series 3 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation.

CVE-2021-30926: Jeremy Brown

CVE-2021-30942: Mateusz Jurczyk of Google Project Zero

**CoreAudio**

Available for: Apple Watch Series 3 and later

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab

**CoreAudio**

Available for: Apple Watch Series 3 and later

Impact: Playing a malicious audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab

**Crash Reporter**

Available for: Apple Watch Series 3 and later

Impact: A local attacker may be able to elevate their privileges

Description: This issue was addressed with improved checks.

CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

**ImageIO**

Available for: Apple Watch Series 3 and later

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro

**Kernel**

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30916: Zweig of Kunlun Lab

**Kernel**

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2021-30937: Sergei Glazunov of Google Project Zero

**Kernel**

Available for: Apple Watch Series 3 and later

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30927: Xinru Chi of Pangu Lab

CVE-2021-30980: Xinru Chi of Pangu Lab

**Kernel**

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30949: Ian Beer of Google Project Zero

**Kernel**

Available for: Apple Watch Series 3 and later

Impact: An attacker in a privileged network position may be able to execute arbitrary code

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero

**Kernel**

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30955: Zweig of Kunlun Lab

**Preferences**

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to elevate privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)

**Sandbox**

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions.

CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security

**Sandbox**

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30946: @gorelics

**Sandbox**

Available for: Apple Watch Series 3 and later

Impact: An application may be able to access a user's files

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security

**TCC**

Available for: Apple Watch Series 3 and later

Impact: A local user may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved state management.

CVE-2021-30767: @gorelics

**TCC**

Available for: Apple Watch Series 3 and later

Impact: A malicious application may be able to bypass Privacy preferences

Description: An inherited permissions issue was addressed with additional restrictions.

CVE-2021-30964: Andy Grant of Zoom Video Communications

**WebKit**

Available for: Apple Watch Series 3 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30934: Dani Biro

**WebKit**

Available for: Apple Watch Series 3 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30936: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

CVE-2021-30951: Pangu

**WebKit**

Available for: Apple Watch Series 3 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An integer overflow was addressed with improved input validation.

CVE-2021-30952: WeBin

**WebKit**

Available for: Apple Watch Series 3 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A race condition was addressed with improved state handling.

CVE-2021-30984: Kunlun Lab

**WebKit**

Available for: Apple Watch Series 3 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30953: VRIJ

**WebKit**

Available for: Apple Watch Series 3 and later

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved memory handling.

CVE-2021-30954: Kunlun Lab

CVE-2021-30966: About the security content of watchOS 8.3

This issue was addressed with improved handling of file metadata. This issue is fixed in iOS 15.2 and iPadOS 15.2. A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata.

Released December 13, 2021

**Audio**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30960: JunDong Xie of Ant Security Light-Year Lab

**CFNetwork Proxies**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: User traffic might unexpectedly be leaked to a proxy server despite PAC configurations

Description: A logic issue was addressed with improved state management.

CVE-2021-30966: Michal Rajcan of Jamf, Matt Vlasach of Jamf (Wandera)

**ColorSync**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. 

CVE-2021-30926: Jeremy Brown

CVE-2021-30942: Mateusz Jurczyk of Google Project Zero

**CoreAudio**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted audio file may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30957: JunDong Xie of Ant Security Light-Year Lab

**CoreAudio**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Playing a malicious audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab

**Crash Reporter**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to elevate their privileges

Description: This issue was addressed with improved checks.

CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

**FaceTime**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user in a FaceTime call may unexpectedly leak sensitive user information through Live Photos metadata

Description: This issue was addressed with improved handling of file metadata.

CVE-2021-30992: Aaron Raimist

**ImageIO**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro

**IOMobileFrameBuffer**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30996: Saar Amar (@AmarSaar)

**IOMobileFrameBuffer**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30983: Pangu

**IOMobileFrameBuffer**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30985: Tielei Wang of Pangu Lab

**IOMobileFrameBuffer**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30991: Tielei Wang of Pangu Lab

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2021-30937: Sergei Glazunov of Google Project Zero

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30927: Xinru Chi of Pangu Lab

CVE-2021-30980: Xinru Chi of Pangu Lab

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30949: Ian Beer of Google Project Zero

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An attacker in a privileged network position may be able to execute arbitrary code

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30993: OSS-Fuzz, Ned Williamson of Google Project Zero

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30955: Zweig of Kunlun Lab

**Model I/O**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30971: Ye Zhang (@co0py\_Cat) of Baidu Security

**Model I/O**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30973: Ye Zhang (@co0py\_Cat) of Baidu Security

**Model I/O**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

**Model I/O**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro

**Model I/O**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

**NetworkExtension**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to read sensitive information

Description: A permissions issue was addressed with improved validation.

CVE-2021-30967: Denis Tokarev (@illusionofcha0s)

**NetworkExtension**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to identify what other applications a user has installed

Description: A permissions issue was addressed with improved validation.

CVE-2021-30988: Denis Tokarev (@illusionofcha0s)

**Notes**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A person with physical access to an iOS device may be able to access contacts from the lock screen

Description: The issue was addressed with improved permissions logic.

CVE-2021-30932: Kevin Böttcher

**Password Manager**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A person with physical access to an iOS device may be able to access stored passwords without authentication

Description: An inconsistent user interface issue was addressed with improved state management.

CVE-2021-30948: Patrick Glogner

**Preferences**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to elevate privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)

**Sandbox**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions.

CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security

**Sandbox**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30946: @gorelics

**Sandbox**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to access a user's files

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security

**TCC**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local user may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved state management.

CVE-2021-30767: @gorelics

**TCC**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to bypass Privacy preferences

Description: An inherited permissions issue was addressed with additional restrictions.

CVE-2021-30964: Andy Grant of Zoom Video Communications

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30934: Dani Biro

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30936: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

CVE-2021-30951: Pangu

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An integer overflow was addressed with improved input validation.

CVE-2021-30952: WeBin

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A race condition was addressed with improved state handling.

CVE-2021-30984: Kunlun Lab

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30953: VRIJ

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A type confusion issue was addressed with improved memory handling.

CVE-2021-30954: Kunlun Lab

CVE-2021-30992: About the security content of iOS 15.2 and iPadOS 15.2

A logic issue was addressed with improved validation. This issue is fixed in Security Update 2021-008 Catalina, macOS Big Sur 11.6.2. An application may be able to execute arbitrary code with kernel privileges.

Released December 13, 2021

**Archive Utility**

Available for: macOS Big Sur

Impact: A malicious application may bypass Gatekeeper checks

Description: A logic issue was addressed with improved state management.

CVE-2021-30950: @gorelics

**Bluetooth**

Available for: macOS Big Sur

Impact: A malicious application may be able to disclose kernel memory

Description: A logic issue was addressed with improved validation.

CVE-2021-30931: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America

**Bluetooth**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A logic issue was addressed with improved validation.

CVE-2021-30935: an anonymous researcher

**ColorSync**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation. 

CVE-2021-30942: Mateusz Jurczyk of Google Project Zero

**CoreAudio**

Available for: macOS Big Sur

Impact: Parsing a maliciously crafted audio file may lead to disclosure of user information

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30959: JunDong Xie of Ant Security Light-Year Lab

CVE-2021-30961: an anonymous researcher

CVE-2021-30963: JunDong Xie of Ant Security Light-Year Lab

**CoreAudio**

Available for: macOS Big Sur

Impact: Playing a malicious audio file may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30958: JunDong Xie of Ant Security Light-Year Lab

**Crash Reporter**

Available for: macOS Big Sur

Impact: A local attacker may be able to elevate their privileges

Description: This issue was addressed with improved checks.

CVE-2021-30945: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

**Graphics Drivers**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2021-30977: Jack Dates of RET2 Systems, Inc.

**Help Viewer**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted URL may cause unexpected JavaScript execution from a file on disk

Description: A path handling issue was addressed with improved validation.

CVE-2021-30969: Zhipeng Huo (@R3dF09) and Yuebin Sun (@yuebinsun2020) of Tencent Security Xuanwu Lab (xlab.tencent.com)

**ImageIO**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30939: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab, Mickey Jin (@patch1t) of Trend Micro

**Intel Graphics Driver**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A buffer overflow was addressed with improved bounds checking.

CVE-2021-30981: Liu Long of Ant Security Light-Year Lab, an anonymous researcher

**IOUSBHostFamily**

Available for: macOS Big Sur

Impact: A remote attacker may be able to cause unexpected application termination or heap corruption

Description: A race condition was addressed with improved locking.

CVE-2021-30982: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America

**Kernel**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30927: Xinru Chi of Pangu Lab

CVE-2021-30980: Xinru Chi of Pangu Lab

**Kernel**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption vulnerability was addressed with improved locking.

CVE-2021-30937: Sergei Glazunov of Google Project Zero

**Kernel**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30949: Ian Beer of Google Project Zero

**LaunchServices**

Available for: macOS Big Sur

Impact: A malicious application may bypass Gatekeeper checks

Description: A logic issue was addressed with improved validation.

CVE-2021-30990: Ron Masas of BreakPoint.sh

**LaunchServices**

Available for: macOS Big Sur

Impact: A malicious application may bypass Gatekeeper checks

Description: A logic issue was addressed with improved state management.

CVE-2021-30976: chenyuwang (@mzzzz\_\_) and Kirin (@Pwnrin) of Tencent Security Xuanwu Lab

**Model I/O**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30929: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

**Model I/O**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30979: Mickey Jin (@patch1t) of Trend Micro

**Model I/O**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30940: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

CVE-2021-30941: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

**Model I/O**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved input validation.

CVE-2021-30973: Ye Zhang (@co0py\_Cat) of Baidu Security

**Model I/O**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted USD file may lead to unexpected application termination or arbitrary code execution

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30971: Ye Zhang (@co0py\_Cat) of Baidu Security

**Preferences**

Available for: macOS Big Sur

Impact: A malicious application may be able to elevate privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30995: Mickey Jin (@patch1t) of Trend Micro, Mickey Jin (@patch1t)

**Sandbox**

Available for: macOS Big Sur

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A validation issue related to hard link behavior was addressed with improved sandbox restrictions.

CVE-2021-30968: Csaba Fitzl (@theevilbit) of Offensive Security

**Sandbox**

Available for: macOS Big Sur

Impact: An application may be able to access a user's files

Description: An access issue was addressed with additional sandbox restrictions.

CVE-2021-30947: Csaba Fitzl (@theevilbit) of Offensive Security

**Sandbox**

Available for: macOS Big Sur

Impact: A malicious application may be able to bypass certain Privacy preferences

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30946: @gorelics

**Script Editor**

Available for: macOS Big Sur

Impact: A malicious OSAX scripting addition may bypass Gatekeeper checks and circumvent sandbox restrictions

Description: This issue was addressed by disabling execution of JavaScript when viewing a scripting dictionary.

CVE-2021-30975: Ryan Pickren (ryanpickren.com)

**TCC**

Available for: macOS Big Sur

Impact: A local user may be able to modify protected parts of the file system

Description: A logic issue was addressed with improved state management.

CVE-2021-30767: @gorelics

**TCC**

Available for: macOS Big Sur

Impact: A malicious application may be able to bypass Privacy preferences

Description: A logic issue was addressed with improved state management.

CVE-2021-30970: Jonathan Bar Or of Microsoft

**TCC**

Available for: macOS Big Sur

Impact: A malicious application may be able to cause a denial of service to Endpoint Security clients

Description: A logic issue was addressed with improved state management.

CVE-2021-30965: Csaba Fitzl (@theevilbit) of Offensive Security

**Wi-Fi**

Available for: macOS Big Sur

Impact: A local user may be able to cause unexpected system termination or read kernel memory

Description: This issue was addressed with improved checks.

CVE-2021-30938: Xinru Chi of Pangu Lab

CVE-2021-30935: About the security content of macOS Big Sur 11.6.2

Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.

Released October 25, 2021

**AppleScript**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30876: Jeremy Brown, hjy79425575

CVE-2021-30879: Jeremy Brown, hjy79425575

CVE-2021-30877: Jeremy Brown

CVE-2021-30880: Jeremy Brown

**Audio**

Available for: macOS Big Sur

Impact: A malicious application may be able to elevate privileges

Description: An integer overflow was addressed through improved input validation.

CVE-2021-30907: Zweig of Kunlun Lab

**Bluetooth**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America

**ColorSync**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation.

CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero

**Continuity Camera**

Available for: macOS Big Sur

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30903: an anonymous researcher

Entry added January 19, 2022

**CoreAudio**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro

Entry added January 19, 2022

**CoreGraphics**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2021-30919

**FileProvider**

Available for: macOS Big Sur

Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution

Description: An input validation issue was addressed with improved memory handling.

CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360

**GPU Drivers**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30900: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab

Entry added January 19, 2022

**iCloud**

Available for: macOS Big Sur

Impact: A local attacker may be able to elevate their privileges

Description: This issue was addressed with improved checks.

CVE-2021-30906: Cees Elzinga

**Intel Graphics Driver**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto

**Intel Graphics Driver**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: Multiple out-of-bounds write issues were addressed with improved bounds checking.

CVE-2021-30901: Zuozhi Fan (@pattern\_F\_) of Ant Security TianQiong Lab, Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab

CVE-2021-30922: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab, an anonymous researcher

Entry updated January 19, 2022

**IOGraphics**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video Communications

**IOMobileFrameBuffer**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30883: an anonymous researcher

**Kernel**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30909: Zweig of Kunlun Lab

**Kernel**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30916: Zweig of Kunlun Lab

**Model I/O**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro

**Model I/O**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

**SMB**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs

**SoftwareUpdate**

Available for: macOS Big Sur

Impact: An unprivileged application may be able to edit NVRAM variables

Description: The issue was addressed with improved permissions logic.

CVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz\_\_) of Tencent Security Xuanwu Lab

**SoftwareUpdate**

Available for: macOS Big Sur

Impact: A malicious application may gain access to a user's Keychain items

Description: The issue was addressed with improved permissions logic.

CVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz\_\_) of Tencent Security Xuanwu Lab

**UIKit**

Available for: macOS Big Sur

Impact: A person with physical access to a device may be able to determine characteristics of a user's password in a secure text entry field

Description: A logic issue was addressed with improved state management.

CVE-2021-30915: Kostas Angelopoulos

**Windows Server**

Available for: macOS Big Sur

Impact: A local attacker may be able to view the previous logged-in user’s desktop from the fast user switching screen

Description: An authentication issue was addressed with improved state management.

CVE-2021-30908: ASentientBot

**xar**

Available for: macOS Big Sur

Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files

Description: This issue was addressed with improved checks.

CVE-2021-30833: Richard Warren of NCC Group

Entry added January 19, 2022

**zsh**

Available for: macOS Big Sur

Impact: A malicious application may be able to modify protected parts of the file system

Description: An inherited permissions issue was addressed with additional restrictions.

CVE-2021-30892: Jonathan Bar Or of Microsoft

CVE-2021-30922: About the security content of macOS Big Sur 11.6.1

XStream is a simple library to serialize objects to XML and back again. In affected versions this vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types. XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

**Impact**

The vulnerability may allow a remote attacker to load and execute arbitrary code from a remote host only by manipulating the processed input stream. No user is affected, who followed the recommendation to setup XStream's security framework with a whitelist limited to the minimal required types.

**Patches**

XStream 1.4.18 uses no longer a blacklist by default, since it cannot be secured for general purpose.

**Workarounds**

See workarounds for the different versions covering all CVEs.

**References**

See full information about the nature of the vulnerability and the steps to reproduce it in XStream's documentation for CVE-2021-39147.

**Credits**

wh1t3p1g from TSRC (Tencent Security Response Center) found and reported the issue to XStream and provided the required information to reproduce it.

**For more information**

If you have any questions or comments about this advisory:

*   Open an issue in XStream
*   Contact us at XStream Google Group

Tag

#google