A deserialization issue was addressed through improved validation. This issue is fixed in Security Update 2021-005 Catalina, iOS 12.5.5, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. A sandboxed process may be able to circumvent sandbox restrictions. Apple was aware of a report that this issue may have been actively exploited at the time of release..
The product deserializes untrusted data without sufficiently ensuring that the resulting data will be valid.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ipados | Apple | * | 14.8 (excluding) |
Iphone_os | Apple | 12.0 (including) | 12.5.5 (excluding) |
Iphone_os | Apple | 14.0 (including) | 14.8 (excluding) |
Mac_os_x | Apple | 10.15 (including) | 10.15.7 (excluding) |
Mac_os_x | Apple | 10.15.7 (including) | 10.15.7 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2020 (including) | 10.15.7-security_update_2020 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2020-001 (including) | 10.15.7-security_update_2020-001 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2020-005 (including) | 10.15.7-security_update_2020-005 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2020-007 (including) | 10.15.7-security_update_2020-007 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2021-001 (including) | 10.15.7-security_update_2021-001 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2021-002 (including) | 10.15.7-security_update_2021-002 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2021-003 (including) | 10.15.7-security_update_2021-003 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2021-006 (including) | 10.15.7-security_update_2021-006 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2021-007 (including) | 10.15.7-security_update_2021-007 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2021-008 (including) | 10.15.7-security_update_2021-008 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2022-001 (including) | 10.15.7-security_update_2022-001 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2022-002 (including) | 10.15.7-security_update_2022-002 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2022-003 (including) | 10.15.7-security_update_2022-003 (including) |
Mac_os_x | Apple | 10.15.7-security_update_2022-004 (including) | 10.15.7-security_update_2022-004 (including) |
Mac_os_x | Apple | 10.15.7-supplemental_update (including) | 10.15.7-supplemental_update (including) |
Macos | Apple | 11.0 (including) | 11.6 (excluding) |
Watchos | Apple | * | 7.6.2 (excluding) |