-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

APPLE-SA-2021-05-25-1 iOS 14.6 and iPadOS 14.6

iOS 14.6 and iPadOS 14.6 addresses the following issues.
Information about the security content is also available at
https://support.apple.com/HT212528.

Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted audio file may lead to
arbitrary code execution
Description: This issue was addressed with improved checks.
CVE-2021-30707: hjy79425575 working with Trend Micro Zero Day
Initiative

Audio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Parsing a maliciously crafted audio file may lead to
disclosure of user information
Description: This issue was addressed with improved checks.
CVE-2021-30685: Mickey Jin (@patch1t) of Trend Micro

AVEVideoEncoder
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to cause unexpected system
termination or write kernel memory
Description: A race condition was addressed with improved state
handling.
CVE-2021-30714: @08Tc3wBB of ZecOps, and George Nosenko

CommCenter
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A device may accept invalid activation results
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30729: CHRISTIAN MINA

Core Services
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to gain root privileges
Description: A validation issue existed in the handling of symlinks.
This issue was addressed with improved validation of symlinks.
CVE-2021-30681: Zhongcheng Li (CK01)

CoreAudio
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted audio file may disclose
restricted memory
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30686: Mickey Jin of Trend Micro

Crash Reporter
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to modify protected parts
of the file system
Description: A logic issue was addressed with improved state
management.
CVE-2021-30727: Cees Elzinga

CVMS
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local attacker may be able to elevate  their privileges
Description: This issue was addressed with improved checks.
CVE-2021-30724: Mickey Jin (@patch1t) of Trend Micro

Heimdal
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A local user may be able to leak sensitive user information
Description: A logic issue was addressed with improved state
management.
CVE-2021-30697: Gabe Kirkpatrick (@gabe_k)

Heimdal
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may cause a denial of service or
potentially disclose memory contents
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30710: Gabe Kirkpatrick (@gabe_k)

ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30687: Hou JingYi (@hjy79425575) of Qihoo 360

ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to disclosure
of user information
Description: This issue was addressed with improved checks.
CVE-2021-30700: Ye Zhang(@co0py_Cat) of Baidu Security

ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: This issue was addressed with improved checks.
CVE-2021-30701: Mickey Jin (@patch1t) of Trend Micro and Ye Zhang of
Baidu Security

ImageIO
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted ASTC file may disclose
memory contents
Description: This issue was addressed with improved checks.
CVE-2021-30705: Ye Zhang of Baidu Security

Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to execute arbitrary code
with kernel privileges
Description: A logic issue was addressed with improved validation.
CVE-2021-30740: Linus Henze (pinauten.de)

Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may disclose restricted memory
Description: This issue was addressed with improved checks.
CVE-2021-30674: Siddharth Aeri (@b1n4r1b01)

Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A logic issue was addressed with improved state
management.
CVE-2021-30704: an anonymous researcher

Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted message may lead to a denial
of service
Description: A logic issue was addressed with improved state
management.
CVE-2021-30715: The UK's National Cyber Security Centre (NCSC)

Kernel
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An application may be able to execute arbitrary code with
kernel privileges
Description: A buffer overflow was addressed with improved size
validation.
CVE-2021-30736: Ian Beer of Google Project Zero

LaunchServices
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to break out of its
sandbox
Description: This issue was addressed with improved environment
sanitization.
CVE-2021-30677: Ron Waisberg (@epsilan)

Mail
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted mail message may lead to
unexpected memory modification or application termination
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-30741: SYMaster of ZecOps Mobile EDR Team

Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An information disclosure issue was addressed with
improved state management.
CVE-2021-30723: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30691: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30692: Mickey Jin (@patch1t) of Trend Micro
CVE-2021-30694: Mickey Jin (@patch1t) of Trend Micro

Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: A memory corruption issue was addressed with improved
state management.
CVE-2021-30725: Mickey Jin (@patch1t) of Trend Micro

Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30746: Mickey Jin (@patch1t) of Trend Micro

Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted image may lead to arbitrary
code execution
Description: A validation issue was addressed with improved logic.
CVE-2021-30693: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro

Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: An out-of-bounds read was addressed with improved bounds
checking.
CVE-2021-30695: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro

Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may lead to
unexpected application termination or arbitrary code execution
Description: An out-of-bounds read was addressed with improved input
validation.
CVE-2021-30708: Mickey Jin (@patch1t) & Junzhi Lu (@pwn0rz) of Trend
Micro

Model I/O
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted USD file may disclose memory
contents
Description: This issue was addressed with improved checks.
CVE-2021-30709: Mickey Jin (@patch1t) of Trend Micro

Notes
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A user may be able to view restricted content from the
lockscreen
Description: A window management issue was addressed with improved
state management.
CVE-2021-30699: videosdebarraquito

Security
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing a maliciously crafted certificate may lead to
arbitrary code execution
Description: A memory corruption issue in the ASN.1 decoder was
addressed by removing the vulnerable code.
CVE-2021-30737: xerub

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A cross-origin issue with iframe elements was addressed
with improved tracking of security origins.
CVE-2021-30744: Dan Hite of jsontop

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: A use after free issue was addressed with improved
memory management.
CVE-2021-21779: Marcin Towalski of Cisco Talos

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious application may be able to leak sensitive user
information
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30682: an anonymous researcher and 1lastBr3ath

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
universal cross site scripting
Description: A logic issue was addressed with improved state
management.
CVE-2021-30689: an anonymous researcher

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: Processing maliciously crafted web content may lead to
arbitrary code execution
Description: Multiple memory corruption issues were addressed with
improved memory handling.
CVE-2021-30749: an anonymous researcher and mipu94 of SEFCOM lab,
ASU. working with Trend Micro Zero Day Initiative
CVE-2021-30734: Jack Dates of RET2 Systems, Inc. (@ret2systems)
working with Trend Micro Zero Day Initiative

WebKit
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A malicious website may be able to access restricted ports on
arbitrary servers
Description: A logic issue was addressed with improved restrictions.
CVE-2021-30720: David Schütz (@xdavidhu)

WebRTC
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: A remote attacker may be able to cause a denial of service
Description: A null pointer dereference was addressed with improved
input validation.
CVE-2021-23841: Tavis Ormandy of Google
CVE-2021-30698: Tavis Ormandy of Google

Wi-Fi
Available for: iPhone 6s and later, iPad Pro (all models), iPad Air 2
and later, iPad 5th generation and later, iPad mini 4 and later, and
iPod touch (7th generation)
Impact: An attacker in WiFi range may be able to force a client to
use a less secure authentication mechanism
Description: A logic issue was addressed with improved validation.
CVE-2021-30667: Raul Siles of DinoSec (@dinosec)

Additional recognition

AVEVideoEncoder
We would like to acknowledge @08Tc3wBB for their assistance.

CommCenter
We would like to acknowledge CHRISTIAN MINA and Stefan Sterz
(@0x7374) of Secure Mobile Networking Lab at TU Darmstadt and
Industrial Software at TU Wien for their assistance.

CoreCapture
We would like to acknowledge Zuozhi Fan (@pattern_F_) of Ant-
financial TianQiong Security Lab for their assistance.

ImageIO
We would like to acknowledge Jzhu working with Trend Micro Zero Day
Initiative and an anonymous researcher for their assistance.

Kernel
We would like to acknowledge Saar Amar (@AmarSaar) for their
assistance.

Mail Drafts
We would like to acknowledge Lauritz Holtmann (@_lauritz_) for their
assistance.

NetworkExtension
We would like to acknowledge Matthias Ortmann of Secure Mobile
Networking Lab for their assistance.

WebKit
We would like to acknowledge Chris Salls (@salls) of Makai Security
for their assistance.

Installation note:

This update is available through iTunes and Software Update on your
iOS device, and will not appear in your computer's Software Update
application, or in the Apple Downloads site. Make sure you have an
Internet connection and have installed the latest version of iTunes
from https://www.apple.com/itunes/

iTunes and Software Update on the device will automatically check
Apple's update server on its weekly schedule. When an update is
detected, it is downloaded and the option to be installed is
presented to the user when the iOS device is docked. We recommend
applying the update immediately if possible. Selecting Don't Install
will present the option the next time you connect your iOS device.
The automatic update process may take up to a week depending on the
day that iTunes or the device checks for updates. You may manually
obtain the update via the Check for Updates button within iTunes, or
the Software Update on your device.

To check that the iPhone, iPod touch, or iPad has been updated:
* Navigate to Settings
* Select General
* Select About
* The version after applying this update will be "14.6"

Information will also be posted to the Apple Security Updates
web site: https://support.apple.com/kb/HT201222

This message is signed with Apple's Product Security PGP key,
and details are available at:
https://www.apple.com/support/security/pgp/

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEbURczHs1TP07VIfuZcsbuWJ6jjAFAmCtU9AACgkQZcsbuWJ6
jjAtCQ//auqQ5YsUCBz4i00PEoOfnZiFYGfXzFlA4uYymaH0vCABC4KOg9HqjZHa
krqB08YNp79k7Q+nXbCy4DHw10Pm2DGoDjvgk+sR46FhNC5kRVvYhNmRQ4sInT31
Nq55YvwU1pSW0Mlvm2x2EAr3qEJZws2snotb9E5cc/i2XAYKzcoia+jGhjJO8uub
4a4Cbg0HkDxpFKDty0RRlCm19DLt2haGjf+HLC0sFlaKMZTG+OPvomszPTB6gXXp
RWHc9a6jLg0gi6GRMTTd8Y0QasZrCN17VbjRgM+zXVOq3Q+pZ4/ny6jqs9WW4FCL
P//0DKnaYFpOBcGzqGt3fh1BEQGuCcsYhjTP1NifAnviXNC5Q9DOlFbJEBDl6Ngo
IlbLSBpllWd+usrAFSxCAaw28xsjJzNbqMlGQfj/xg1l7xHqczmryszBW5n3F92p
XXYMJeUrQd7gWJSK3lPmHBjJug0wdHqL0mMkTafyTtbCuDZBAKcPwDQAjv/O6o72
LBCVjFR6AJVoiqhteT5HtRG9S8TItV3p9lizA4Q9Yt93HI9gIe1dwKUgC5Kdoxjd
Oo57UvtUooV3aRl4SnBxh0eHiSu76gvBcsv4ZPaNCXT+OzE/cBoGaW5FJ/mB4Gwc
8drcqnRsF1i6qnvmBmcq180ucKmxW1zZyjUqt2Fvigygzl5dwx4=
=Q8uh
-----END PGP SIGNATURE-----