A vulnerability has been identified in Teamcenter V12.4 (All versions < V12.4.0.8), Teamcenter V13.0 (All versions < V13.0.0.7), Teamcenter V13.1 (All versions < V13.1.0.5), Teamcenter V13.2 (All versions < 13.2.0.2). The "surrogate" functionality on the user profile of the application does not perform sufficient access control that could lead to an account takeover. Any profile on the application can perform this attack and access any other user assigned tasks via the "inbox/surrogate tasks".

%PDF-1.5 %���� 1 0 obj << /D \[2 0 R /XYZ 70.866 771.024 null\] >> endobj 3 0 obj << /D \[2 0 R /XYZ 70.866 646.963 null\] >> endobj 4 0 obj << /D \[2 0 R /XYZ 70.866 598.838 null\] >> endobj 5 0 obj << /D \[2 0 R /XYZ 70.866 370.413 null\] >> endobj 6 0 obj << /D \[2 0 R /XYZ 70.866 281.442 null\] >> endobj 7 0 obj << /D \[8 0 R /XYZ 85.039 337.375 null\] >> endobj 9 0 obj << /D \[10 0 R /XYZ 70.866 713.397 null\] >> endobj 11 0 obj << /S /GoTo /D \[2 0 R /Fit\] >> endobj 2 0 obj << /Contents 12 0 R /Type /Page /Resources 13 0 R /Parent 14 0 R /Annots \[15 0 R 16 0 R 17 0 R 18 0 R 19 0 R 20 0 R 21 0 R\] /MediaBox \[0 0 595.276 841.89\] >> endobj 15 0 obj << /A << /S /URI /Type /Action /URI (https://support.sw.siemens.com/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[303.117 497.876 446.757 510.783\] >> endobj 16 0 obj << /A << /S /URI /Type /Action /URI (https://support.sw.siemens.com/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[303.117 461.478 446.757 474.385\] >> endobj 17 0 obj << /A << /S /URI /Type /Action /URI (https://support.sw.siemens.com/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[303.117 425.08 446.757 437.986\] >> endobj 18 0 obj << /A << /S /URI /Type /Action /URI (https://support.sw.siemens.com/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[303.117 388.682 446.757 401.588\] >> endobj 19 0 obj << /A << /S /URI /Type /Action /URI (https://www.siemens.com/cert/operational-guidelines-industrial-security) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[164.798 189.37 487.754 200.907\] >> endobj 20 0 obj << /A << /S /URI /Type /Action /URI (https://www.siemens.com/industrialsecurity) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[406.699 159.602 525.406 171.019\] >> endobj 22 0 obj << /A << /S /URI /Type /Action /URI (https://www.first.org/cvss/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[131.954 722.78 248.203 734.316\] >> endobj 13 0 obj << /ProcSet \[/PDF /Text\] /Font << /F50 23 0 R /F47 24 0 R >> >> endobj 12 0 obj << /Filter /FlateDecode /Length 2674 >> stream x��Z�s�6�\_��R3B|D�^T\[鹍�,��I��H��+E�"e\_���@Y�(�9s3��C $���.wx/�~>�iz��P�&:d�7��T@�0���DR�M���&M�I^�LE�M2۬C\*������iY� |7�m�������|3��Ǔ�=�>��l<=��C�G��Dq�͖g\_~�9<��ב�h�\\zBr"��̻9��Y���� �(��! "�E3D+�%i�#�'Z(�� � #����PGJ���@TJBY��% m�ޥ��Q/��n�i\*��W��JWYr�=������K��>�!��CB�����}$��n��i�&˓u�-��\*M�CI8 ���I8$R� P\[�t�$��\_Pٔ$�\[g C��8�\`tڇ�RDs��8�6�� �x9K�\*Y!����x�dn$�\[:7:�tWi�\[и���-�K$��F��R���!�D��N���s���YRQzl����7�5�m'~D ɺ��a���?Q���tsc'=���w?�e�poV��J,� u��P֪�s\[��t��(��v�,���@K�WW��@�o����A&�Ĉ� 9a\`��1(�юE�LS?Eׁ�� ���Y���-����~�$v�����)۝i��2���i�Z1�h��E��C�%G'.�t�C�~��\_�%��R�H�t4�^ i���t��?v��$�����g�\`\_\\^\\O���s{��꽽��\*C��ʫm(��q���"�ϟ�H�X|�c0�1.-�O�2�}ln��N��jn�7Ʊ�; �1���>�7h��#+vA+�֊%�8w�bw �r=�����}�0M��R ' G�\\��H��./��f����P� t�p����|:�h��L�@�Y \`�%�r݋��%i�H��=�?Np�\\\_ܞOoZ$М��4thе &��S \*�g�-�gҌ�g�v�8�"4\]�#1!U��������->���<) 5�\_Z밑���x��4$�\` �E^��FX���W�������4�c�T�.��a�Jk��Ļ�I�k�|9(Ñ䜄�}9���k 2�?���=���� c��-���U����P�{�Bx

CVE-2021-40354

A vulnerability has been identified in SIMATIC CP 1543-1 (incl. SIPLUS variants) (All versions < V3.0), SIMATIC CP 1545-1 (All versions < V1.1). An attacker with access to the subnet of the affected device could retrieve sensitive information stored in cleartext.

%PDF-1.5 %���� 1 0 obj << /D \[2 0 R /XYZ 70.866 771.024 null\] >> endobj 3 0 obj << /D \[2 0 R /XYZ 70.866 630.026 null\] >> endobj 4 0 obj << /D \[2 0 R /XYZ 70.866 581.902 null\] >> endobj 5 0 obj << /D \[2 0 R /XYZ 70.866 379.124 null\] >> endobj 6 0 obj << /D \[2 0 R /XYZ 70.866 320.041 null\] >> endobj 7 0 obj << /D \[8 0 R /XYZ 85.039 427.664 null\] >> endobj 9 0 obj << /D \[8 0 R /XYZ 70.866 240.227 null\] >> endobj 10 0 obj << /S /GoTo /D \[2 0 R /Fit\] >> endobj 2 0 obj << /Contents 11 0 R /Type /Page /Resources 12 0 R /Parent 13 0 R /Annots \[14 0 R 15 0 R 16 0 R 17 0 R 18 0 R 19 0 R 20 0 R 21 0 R 22 0 R\] /MediaBox \[0 0 595.276 841.89\] >> endobj 14 0 obj << /A << /S /URI /Type /Action /URI (https://support.industry.siemens.com/cs/ww/en/view/109800773/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[303.117 446.564 518.276 457.981\] >> endobj 16 0 obj << /A << /S /URI /Type /Action /URI (https://support.industry.siemens.com/cs/ww/en/view/109811116/) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[303.117 404.524 518.276 415.941\] >> endobj 18 0 obj << /A << /S /GoTo /D (section\*.2) >> /Subtype /Link /C \[1 0 0\] /Type /Annot /H /I /Border \[0 0 0\] /Rect \[386.143 336.857 524.579 348.394\] >> endobj 19 0 obj << /A << /S /GoTo /D (section\*.4) >> /Subtype /Link /C \[1 0 0\] /Type /Annot /H /I /Border \[0 0 0\] /Rect \[147.498 319.044 309.548 330.461\] >> endobj 20 0 obj << /A << /S /URI /Type /Action /URI (https://www.siemens.com/cert/operational-guidelines-industrial-security) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[164.798 227.968 487.754 239.505\] >> endobj 21 0 obj << /A << /S /URI /Type /Action /URI (https://www.siemens.com/industrialsecurity) >> /C \[0 1 1\] /Subtype /Link /Type /Annot /H /I /Border \[0 0 0\] /Rect \[406.699 198.2 525.406 209.617\] >> endobj 12 0 obj << /ProcSet \[/PDF /Text\] /Font << /F51 23 0 R /F48 24 0 R >> >> endobj 11 0 obj << /Filter /FlateDecode /Length 2670 >> stream xڵZ\[s۶~���ۡf\*WȜ�v

CVE-2021-33716

Backup file without encryption vulnerability is found in Hitachi ABB Power Grids System Data Manager – SDM600 allows attacker to gain access to sensitive information. This issue affects: Hitachi ABB Power Grids System Data Manager – SDM600 1.2 versions prior to FP2 HF6 (Build Nr. 1.2.14002.257).

%PDF-1.7 %���� 2 0 obj << /Lang (de-CH) /MarkInfo << /Marked true >> /Metadata 4 0 R /Outlines 5 0 R /Pages 6 0 R /StructTreeRoot 7 0 R /Type /Catalog /ViewerPreferences 8 0 R >> endobj 4 0 obj << /Length 3363 /Subtype /XML /Type /Metadata >> stream Microsoft® Word for Microsoft 365 Storage of Sensitive Information Vulnerability in Hitachi ABB Power Grids SDM600 Product PG-SIRT Cybersecurity Advisory Microsoft® Word for Microsoft 365 2021-08-25T07:29:52+02:00 2021-08-30T22:40:35+02:00 uuid:8B962337-F841-475E-A4FA-5F3C76CAA03A uuid:8B962337-F841-475E-A4FA-5F3C76CAA03A endstream endobj 18 0 obj << /Filter /FlateDecode /Length 3157 >> stream x��\[Ko�8����^�2ߤ���;��;�x1���O6���Y�a���QE�$J�t�� �n�ɪb=�\*���\_\_>���񥹹�^��<|���o�/���\_~���ߗ��>}~zx���t���| Mo~{��Z5��m���3ֲ��9���N�R4N���������i���6��g�;ޘ�3����g�e���:��t��?�\[o>p�|�����n9ܾ9?��1�WW\\%\\�ҡ��+��W��6�k�.��|�q~�mL��T:�կ��\_���<�?��}#�b�'����K<\]4�����M���T�F�A�,d���hwAx}!��S�+\*mx(^\]�������� ;Gk֯��,M�r�vu�:���r��$|��5\*�m��g��hY��̌�K����Y~�.,�����3����E�Ah��މ�O�۟��9��f=AqLœqN���m�(Yx��G2�S�twy~\]�4�|�}��4�e��������W�|��\\����V�Jr�p����Op��PA+� �H!NZ�M��-�����Gϯ��}�(��ҁ"&�S����f �"��BM�N(^�Qt��8 ����2�{J����$��\]��6��ڢ���ݻms=�7�//�L�����ˡ(��#(����\]kE#���wp-��=\_C��"\_x

CVE-2021-35526

A vulnerability in Base Software for SoftControl allows an attacker to insert and run arbitrary code in a computer running the affected product. This issue affects: .

%PDF-1.4 %����� 47 0 obj << /Filter /FlateDecode /Length 48 0 R /Length1 754 /Length2 1730 /Length3 533 >> stream x��Ry<���Fc�^Y~�mf��!L�DFd�n����3�1�ұ��8B$KH�e4�F E�B�pGhQͩ3ǹ�ֽ��s���������y���}�﫮��J��F�\]����X�X\[�X�#�:��\* �:��t�\*�uu ފR���'���A0�D���t�����w4����@�/m�b�T 9��nU�� �����l���U?�I��I މD�� ��0�{��fA ���u�"\`�a.kJ ��'Q}C$��Ѱ�@p�!�H<��h��J��a��@�A�a�\\%��Of �0�u\`��^;Xh0���n ��:0\`8\*�;� �#���7���é�\`G@�?ܮ�0�7��Y()��6 2�a��蜰��>w�\\Èo��Ӹ~�p�@p������o��ҒD��\`�!@�b����\_1�D�q��T���C��yt�|QW���l�ɾ�')��L��Q�a���� z�%ӷ��mc�>R{��r�)�l��efs'�M���ѧmn��KsdY�d�L @󝮪yJ�I�v�v� >g�����7k��v?=�9J�u����o��Ϡ� J��ԋEw@�\]��<��V��^ؓ�h$ۢ뜞��0�\\��ʗY�g �����Z<ޡƏ��jO�֜@)}�u�\]�eSO�6�����\*�����W{w�I��/\_�W ���am�\_�{D����܀R�t��\`Y��b�ז�J�(�3k��{����y&q�oU�G����$�ᚼZ��r�\\ɦ��ږ�� n��=��Z�Ą\]����OD�<+N�l�!��䥩�\]����>�'w\\�Cv���tw�u@颋G �S�4c�ləA���'L7|��5�t���\[��n.�4�m�����ۉ�ˋМ�aSso�U����ؾ�6����慓�Y :F��T�-Ƴ���o�=�@C�Q��y(9Ͼ��fSQ�hܦ�)�y� �!�솳|C�3�"hBf5��?)�YoZ�P.��3�ǄN|�k��lz46��=O�Е�\[ʍmϖ�£��;Lۜ)�g��$$�ЙH\]�}����D7;|\*����E�"�)q��6��8.U/�\[:ӼW+r�J��w�T�Oϼґ ����I��f��H����#!�7�����TʡeĠ>��޶+��c���D�V��v��.I���!1�l\_���.�f�R|�~/���hS�)�D�0�I#������#�E,5F��s�V^�h�iH��z��=�"� ):�M��O�;�Ŕ&\]��slP�N�����mT�����C��G!�xloL45k�Y�b�\`�'?щY����D��,ڞ^�Y�\*�8b'Ub7)f�R��{���{�{�G�g\]���Gȭ|�3˧f2�6�s �Z\[o:z~��D��$��{���TA� �����S����,�@�4���o~&�����$5�CT��'F���p���Fa/�9�,0�d�r�O�9:\\5#S��i�~��U�>�\[ʳ/ ��� �m�~eL2��5e3DN�B����}�\`2��ʱ˸g�STh����~C��p�y ���e���v����4ޭb��\]��bN��ZF4�d���B�g0�K���{U�3$bm�,�Lm�{��g\]���JV<#��jt��X!������O�°h;=k�3� ��-��P�PsA�\_�����qS�SK� 5���M9��#%��\_�e2H�������Ŗ�%��p������z\*�\\�\_Ω�cĸ�U�\\(�L,�+J�-��٪��W���g����@ؗ�\_��K��.N�\[��ԏ�/�I!��ͻ��������j���닕 ����Tsy��,�N-��^�8a�j߻%f@L�,a�����RQ������W8�7}Ш�L�-���(��+�����\_?��\\Y�~�B�oG\_?�3/��\]w3!(���GY�L�8�0'+��v"�w�>�g��\[�^��Z\[;���^��-i ��$�s�'g��1-��U�<����erauᕿ&J=Ǹ,�n%�y��(ú\*{��8����3�T�Ql�rvW��vUŅ��{�qd�ӵ��Zz-M��3G

CVE-2020-24672

In OPC Foundation Local Discovery Server (LDS) before 1.04.402.463, remote attackers can cause a denial of service (DoS) by sending carefully crafted messages that lead to Access of a Memory Location After the End of a Buffer.

%PDF-1.7 %���� 1 0 obj <>/Metadata 160 0 R/ViewerPreferences 161 0 R>> endobj 2 0 obj <> endobj 3 0 obj <>/ExtGState<>/ProcSet\[/PDF/Text/ImageB/ImageC/ImageI\] >>/Annots\[ 20 0 R 23 0 R 24 0 R 25 0 R 26 0 R\] /MediaBox\[ 0 0 612 792\] /Contents 4 0 R/Group<>/Tabs/S/StructParents 0>> endobj 4 0 obj <> stream x��\[�o�F~7����TqZs� ���9�m.N҇�����%W��濿�YRE.I�DX����f��������wޏ?^�:{s����O73�ˋ��/��<�a,�mzy�������W��'��ayy�A(� �-�LC��|��.��;���\_����� ��ds�\_�ÿ//^A����8\[ .3�X ��r4��H�A�at:�?\*�?���T@����|D���L�n��\`PH�R1\]\*J)h׳��J�Xw0�Q�k�d�ƿ�)\]GפJX����x�~�yޑ��'ڭ8�S ø�4ߛtË'���mo��M�m6�\*���M����8��")R���l'�TǳUh�ڥ���<�����d�|b���t�\_Q7�NB�H����܂��'#i�t̂Хa�\\�'Ε�b��ْ����gw�)�n2����\*��S\`i���jQ�s�Շ����?�0U'��A�4L��s���?��o��� �\_�@��E�g���@3ه�g�����V���P��i��'S�S�� ��Ѣ���h1����-OrC���x�"\`�o���p��I�6�L��&�H�H4�쫿�9ZծȾ���\`��A�xH���������\*�.M��0O$B����5��i(��>˽ܮ��/&1b��{^p�I�ҒO8G\_��j¥��t��Z�x��W"Z���t�|��l��wXJ����A ����~L�(\`�V� ��{�D��&+���,�8Ӗ�tKD�B�R�-�d��7x����+��� f2�d��(��e:~�@7�.q̕�(�xc�IA�%��!�6' QRMa���5T�\[���f�V�ӣ����4"Z�?�H�M�����\`�5R����:��#WF�m�ܭ�� ҺПo�e�.<��L6O�Ҝ�V�1�d�B�\`����>���;���#���n�^��{ :������?�lSl��3�w����O�1É������I�!%�I@{��G��zL ��'�4��x�!�"�{�� ݏ����6�37�툊�������� �P��^���4X��������V��.Z�i:Q.Z���z�nEϯHH�\[�zh��ۻ��=)8\_�D����u��50޳��#��2�L��^ a��::N�Y���%Ai+����r�&'C?L\`5�

CVE-2021-40142

This issue was addressed with improved checks. This issue is fixed in iOS 14.8.1 and iPadOS 14.8.1, iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1. A local attacker may be able to cause unexpected application termination or arbitrary code execution.

Released October 26, 2021

**Audio**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to elevate privileges

Description: An integer overflow was addressed through improved input validation.

CVE-2021-30907: Zweig of Kunlun Lab

**ColorSync**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation.

CVE-2021-30926: Jeremy Brown

Entry added May 25, 2022

**ColorSync**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation.

CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero

**Continuity Camera**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An uncontrolled format string issue was addressed with improved input validation.

CVE-2021-30903: Gongyu Ma of Hangzhou Dianzi University

Entry updated May 25, 2022

**CoreGraphics**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2021-30919

**GPU Drivers**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30900: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab

**IOMobileFrameBuffer**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30883: an anonymous researcher

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30909: Zweig of Kunlun Lab

**Kernel**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30916: Zweig of Kunlun Lab

**Sidecar**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: This issue was addressed with improved checks.

CVE-2021-30903: an anonymous researcher

**Status Bar**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A user may be able to view restricted content from the Lock Screen

Description: A Lock Screen issue was addressed with improved state management.

CVE-2021-30918: videosdebarraquito

**Voice Control**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30902: 08Tc3wBB of ZecOps Mobile EDR Team

**WebKit**

Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)

Impact: A malicious website using Content Security Policy reports may be able to leak information via redirect behavior 

Description: An information leakage issue was addressed.

CVE-2021-30888: Prakash (@1lastBr3ath)

CVE-2021-30903: About the security content of iOS 14.8.1 and iPadOS 14.8.1

The issue was addressed with improved permissions logic. This issue is fixed in macOS Monterey 12.0.1, macOS Big Sur 11.6.1. An unprivileged application may be able to edit NVRAM variables.

CVE-2021-30913: About the security content of macOS Monterey 12.0.1

Multiple out-of-bounds write issues were addressed with improved bounds checking. This issue is fixed in macOS Big Sur 11.6.1. A malicious application may be able to execute arbitrary code with kernel privileges.

Released October 25, 2021

**AppleScript**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted AppleScript binary may result in unexpected application termination or disclosure of process memory

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30876: Jeremy Brown, hjy79425575

CVE-2021-30879: Jeremy Brown, hjy79425575

CVE-2021-30877: Jeremy Brown

CVE-2021-30880: Jeremy Brown

**Audio**

Available for: macOS Big Sur

Impact: A malicious application may be able to elevate privileges

Description: An integer overflow was addressed through improved input validation.

CVE-2021-30907: Zweig of Kunlun Lab

**Bluetooth**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved state handling.

CVE-2021-30899: Weiteng Chen, Zheng Zhang, and Zhiyun Qian of UC Riverside, and Yu Wang of Didi Research America

**ColorSync**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue in the processing of ICC profiles was addressed with improved input validation.

CVE-2021-30926: Jeremy Brown

Entry added May 25, 2022

**ColorSync**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation.

CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero

**Continuity Camera**

Available for: macOS Big Sur

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An uncontrolled format string issue was addressed with improved input validation.

CVE-2021-30903: Gongyu Ma of Hangzhou Dianzi University

Entry added January 19, 2022, updated May 25, 2022

**CoreAudio**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro

Entry added January 19, 2022

**CoreGraphics**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2021-30919

**FileProvider**

Available for: macOS Big Sur

Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution

Description: An input validation issue was addressed with improved memory handling.

CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360

**GPU Drivers**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: An out-of-bounds write issue was addressed with improved bounds checking.

CVE-2021-30900: Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab

Entry added January 19, 2022

**iCloud**

Available for: macOS Big Sur

Impact: A local attacker may be able to elevate their privileges

Description: This issue was addressed with improved checks.

CVE-2021-30906: Cees Elzinga

**Intel Graphics Driver**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved state management.

CVE-2021-30824: Antonio Zekic (@antoniozekic) of Diverto

**Intel Graphics Driver**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: Multiple out-of-bounds write issues were addressed with improved bounds checking.

CVE-2021-30901: Zuozhi Fan (@pattern\_F\_) of Ant Security TianQiong Lab, Jack Dates of RET2 Systems, Inc., Liu Long of Ant Security Light-Year Lab, Yinyi Wu (@3ndy1) of Ant Security Light-Year Lab

CVE-2021-30922: Jack Dates of RET2 Systems, Inc., Yinyi Wu (@3ndy1)

Entry updated January 19, 2022, updated May 25, 2022

**IOGraphics**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30821: Tim Michaud (@TimGMichaud) of Zoom Video Communications

**IOMobileFrameBuffer**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30883: an anonymous researcher

**Kernel**

Available for: macOS Big Sur

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30909: Zweig of Kunlun Lab

**Kernel**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30916: Zweig of Kunlun Lab

**Model I/O**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro

**Model I/O**

Available for: macOS Big Sur

Impact: Processing a maliciously crafted USD file may disclose memory contents

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30911: Rui Yang and Xingwei Lin of Ant Security Light-Year Lab

**SMB**

Available for: macOS Big Sur

Impact: A remote attacker may be able to leak memory

Description: A logic issue was addressed with improved state management.

CVE-2021-30844: Peter Nguyen Vu Hoang of STAR Labs

Entry added May 25, 2022

**SMB**

Available for: macOS Big Sur

Impact: A malicious application may be able to execute arbitrary code with kernel privileges

Description: A race condition was addressed with improved locking.

CVE-2021-30868: Peter Nguyen Vu Hoang of STAR Labs

**SoftwareUpdate**

Available for: macOS Big Sur

Impact: An unprivileged application may be able to edit NVRAM variables

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30913: Kirin (@Pwnrin) and chenyuwang (@mzzzz\_\_) of Tencent Security Xuanwu Lab

Entry updated May 25, 2022

**SoftwareUpdate**

Available for: macOS Big Sur

Impact: A malicious application may gain access to a user's Keychain items

Description: The issue was addressed with improved permissions logic.

CVE-2021-30912: Kirin (@Pwnrin) and chenyuwang (@mzzzz\_\_) of Tencent Security Xuanwu Lab

**UIKit**

Available for: macOS Big Sur

Impact: A person with physical access to a device may be able to determine characteristics of a user's password in a secure text entry field

Description: A logic issue was addressed with improved state management.

CVE-2021-30915: Kostas Angelopoulos

**Windows Server**

Available for: macOS Big Sur

Impact: A local attacker may be able to view the previous logged-in user’s desktop from the fast user switching screen

Description: An authentication issue was addressed with improved state management.

CVE-2021-30908: ASentientBot

**xar**

Available for: macOS Big Sur

Impact: Unpacking a maliciously crafted archive may allow an attacker to write arbitrary files

Description: This issue was addressed with improved checks.

CVE-2021-30833: Richard Warren of NCC Group

Entry added January 19, 2022

**zsh**

Available for: macOS Big Sur

Impact: A malicious application may be able to modify protected parts of the file system

Description: An inherited permissions issue was addressed with additional restrictions.

CVE-2021-30892: Jonathan Bar Or of Microsoft

CVE-2021-30922: About the security content of macOS Big Sur 11.6.1

This issue was addressed with improved checks. This issue is fixed in iOS 15.1 and iPadOS 15.1, macOS Monterey 12.0.1, tvOS 15.1, watchOS 8.1, macOS Big Sur 11.6.1. A local attacker may be able to elevate their privileges.

Released October 25, 2021

**Audio**

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to elevate privileges

Description: An integer overflow was addressed through improved input validation.

CVE-2021-30907: Zweig of Kunlun Lab

**ColorSync**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted image may lead to arbitrary code execution

Description: A memory corruption issue existed in the processing of ICC profiles. This issue was addressed with improved input validation.

CVE-2021-30917: Alexandru-Vlad Niculae and Mateusz Jurczyk of Google Project Zero

**Continuity Camera**

Available for: Apple TV 4K and Apple TV HD

Impact: A local attacker may be able to cause unexpected application termination or arbitrary code execution

Description: An uncontrolled format string issue was addressed with improved input validation.

CVE-2021-30903: Gongyu Ma of Hangzhou Dianzi University

Entry added May 25, 2022

**CoreAudio**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30905: Mickey Jin (@patch1t) of Trend Micro

**CoreGraphics**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution

Description: An out-of-bounds write was addressed with improved input validation.

CVE-2021-30919

**FileProvider**

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to bypass Privacy preferences

Description: A permissions issue was addressed with improved validation.

CVE-2021-31007: Csaba Fitzl (@theevilbit) of Offensive Security

Entry added March 31, 2022, updated May 25, 2022

**FileProvider**

Available for: Apple TV 4K and Apple TV HD

Impact: Unpacking a maliciously crafted archive may lead to arbitrary code execution

Description: An input validation issue was addressed with improved memory handling.

CVE-2021-30881: Simon Huang (@HuangShaomang) and pjf of IceSword Lab of Qihoo 360

**Game Center**

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to access information about a user's contacts

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30895: Denis Tokarev (@illusionofcha0s)

Entry updated May 25, 2022

**Game Center**

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious application may be able to read user's gameplay data

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30896: Denis Tokarev (@illusionofcha0s)

Entry updated May 25, 2022

**iCloud**

Available for: Apple TV 4K and Apple TV HD

Impact: A local attacker may be able to elevate their privileges

Description: This issue was addressed with improved checks.

CVE-2021-30906: Cees Elzinga

**Image Processing**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved input validation.

CVE-2021-30894: Pan ZhenPeng (@Peterpan0927) of Alibaba Security Pandora Lab

**IOMobileFrameBuffer**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges. Apple is aware of a report that this issue may have been actively exploited.

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30883: an anonymous researcher

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: A remote attacker can cause a device to unexpectedly restart

Description: A denial of service issue was addressed with improved state handling.

CVE-2021-30924: Elaman Iskakov (@darling\_x0r) of Effective and Alexey Katkov (@watman27)

Entry added January 19, 2022

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A use after free issue was addressed with improved memory management.

CVE-2021-30886: @0xalsr

**Kernel**

Available for: Apple TV 4K and Apple TV HD

Impact: An application may be able to execute arbitrary code with kernel privileges

Description: A memory corruption issue was addressed with improved memory handling.

CVE-2021-30909: Zweig of Kunlun Lab

**Model I/O**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing a maliciously crafted file may disclose user information

Description: An out-of-bounds read was addressed with improved bounds checking.

CVE-2021-30910: Mickey Jin (@patch1t) of Trend Micro

**UIKit**

Available for: Apple TV 4K and Apple TV HD

Impact: A person with physical access to a device may be able to determine characteristics of a user's password in a secure text entry field

Description: A logic issue was addressed with improved state management.

CVE-2021-30915: Kostas Angelopoulos

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to code execution

Description: A type confusion issue was addressed with improved memory handling.

CVE-2021-31008

Entry added March 31, 2022

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to unexpectedly unenforced Content Security Policy

Description: A logic issue was addressed with improved restrictions.

CVE-2021-30887: Narendra Bhati (@imnarendrabhati) of Suma Soft Pvt. Ltd.

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: A malicious website using Content Security Policy reports may be able to leak information via redirect behavior 

Description: An information leakage issue was addressed.

CVE-2021-30888: Prakash (@1lastBr3ath)

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to arbitrary code execution

Description: A buffer overflow issue was addressed with improved memory handling.

CVE-2021-30889: Chijin Zhou of ShuiMuYuLin Ltd and Tsinghua wingtecher lab

**WebKit**

Available for: Apple TV 4K and Apple TV HD

Impact: Processing maliciously crafted web content may lead to universal cross site scripting

Description: A logic issue was addressed with improved state management.

CVE-2021-30890: an anonymous researcher

CVE-2021-30906: About the security content of tvOS 15.1

An integer overflow was addressed with improved input validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

This document describes the security content of watchOS 7.6.2.

**About Apple security updates**

For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches or releases are available. Recent releases are listed on the Apple security updates page.

Apple security documents reference vulnerabilities by CVE-ID when possible.

For more information about security, see the Apple Product Security page.

**watchOS 7.6.2**

Released September 13, 2021

**CoreGraphics**

Available for: Apple Watch Series 3 and later

Impact: Processing a maliciously crafted PDF may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited.

Description: An integer overflow was addressed with improved input validation.

CVE-2021-30860: The Citizen Lab

**Core Telephony**

Available for: Apple Watch Series 3 and later

Impact: A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release.

Description: A deserialization issue was addressed through improved validation.

CVE-2021-31010: Citizen Lab and Google Project Zero

Entry added May 25, 2022

Information about products not manufactured by Apple, or independent websites not controlled or tested by Apple, is provided without recommendation or endorsement. Apple assumes no responsibility with regard to the selection, performance, or use of third-party websites or products. Apple makes no representations regarding third-party website accuracy or reliability. Contact the vendor for additional information.

Published Date: May 25, 2022

Tag

#pdf