This issue is fixed in macOS Big Sur 11.5. Multiple issues were addressed with improved logic. Apple is aware of a report that this issue may have been actively exploited. Processing maliciously crafted web content may lead to arbitrary code execution. This issue is fixed in iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6. Apple is aware of a report that this issue may have been actively exploited.Ī use after free issue was addressed with improved memory management. Processing a maliciously crafted PDF may lead to arbitrary code execution. This issue is fixed in Security Update 2021-005 Catalina, iOS 14.8 and iPadOS 14.8, macOS Big Sur 11.6, watchOS 7.6.2. NOTE: a news outlet (The Markup) states that they received a vendor response indicating that fix deployment 'began several weeks ago and will be complete in the coming days.'Īn integer overflow was addressed with improved input validation. GAEN (aka Google/Apple Exposure Notifications) through on Android allows attackers to obtain sensitive information, such as a user's location history, in-person social graph, and (sometimes) COVID-19 infection status, because Rolling Proximity Identifiers and MAC addresses are written to the Android system log, and many Android devices have applications (preinstalled by the hardware manufacturer or network operator) that read system log data and send it to third parties.
