Brian Mastenbrook

**Nome do software vulnerável e versões afetadas** Versões do NVIDIA SHIELD TV anteriores à 8.2.2 **Descrição** O problema está relacionado à implementação do status do comando RPMB, permitindo que um invasor grave no Bloco de Configuração de Proteção contra Gravação. Isso pode levar à negação de serviço ou à escalada de privilégios. **Recomendações** Para versões anteriores à 8.2.2, atualize para a versão 8.2.2 ou posterior para resolver o problema. Como solução alternativa temporária, considere restringir o acesso ao status do comando RPMB para minimizar o risco de exploração.

**Nome do software vulnerável e versões afetadas** Dispositivos Western Digital iNAND até 03/06/2020 **Descrição** Foi identificada uma falha de segurança no protocolo Replay Protected Memory Block (RPMB), utilizado por dispositivos de armazenamento para proteger firmware confiável. Essa falha pode ser explorada em diversos cenários, permitindo potencialmente que um invasor altere o estado do RPMB sem o conhecimento do componente confiável. A falha pode levar à contornamento da autenticação por meio de um ataque de captura e reprodução. **Recomendações** Para dispositivos Western Digital iNAND até 03/06/2020, como solução temporária, considere restringir o acesso ao recurso RPMB até que uma correção esteja disponível. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions through 10.6.8 **Description** The issue concerns the User Documentation component in Apple Mac OS X, which uses http sessions for updates to App Store help information. This allows man-in-the-middle attackers to execute arbitrary code by spoofing the http server. **Recommendations** For Apple Mac OS X versions through 10.6.8, consider disabling the use of http sessions for App Store help information updates until a secure alternative is implemented. Restrict access to the App Store help information to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.6.3 **Description** The issue allows remote attackers to execute arbitrary code via a package file type in an internet-enabled disk image. This is due to the lack of a warning for an unsafe file type, making it easier for attackers to exploit. **Recommendations** For versions prior to 10.6.3, update to version 10.6.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple Mac OS X versions prior to 10.6.2 **Description** The issue concerns the Help Viewer in Apple Mac OS X, which does not use a secure HTTPS connection to retrieve content from a website. This allows man-in-the-middle attackers to send a crafted `help:runscript` link, potentially executing arbitrary code via a spoofed response. **Recommendations** For versions prior to 10.6.2, update to version 10.6.2 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: Ruby on Rails versions 2.x prior to 2.2.3 Ruby on Rails versions 2.3.x prior to 2.3.4 Description: A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML by placing malformed Unicode strings into a form helper. Recommendations: For Ruby on Rails versions 2.x prior to 2.2.3, update to version 2.2.3 or later. For Ruby on Rails versions 2.3.x prior to 2.3.4, update to version 2.3.4 or later.

Name of the Vulnerable Software and Affected Versions: Apple Mac OS X versions 10.5 through 10.5.7 Description: The issue allows user-assisted remote attackers to execute arbitrary JavaScript via a web page, making it easier to exploit. This occurs because of an incomplete blacklist vulnerability in CoreTypes in Apple Mac OS X. The vulnerability is exploited when a web page offers a download with a Content-Type value that is not on the list of possibly unsafe content types for Safari. Recommendations: For Apple Mac OS X versions 10.5 through 10.5.7, update to version 10.5.8 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions 10.4.11 through 10.5.6 **Description** The issue allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files, due to the Help Viewer not verifying that HTML pathnames are located in a registered help book. **Recommendations** For Mac OS X versions 10.4.11 through 10.5.6, update to version 10.5.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions 10.4.11 through 10.5.6 **Description** The issue allows remote attackers to execute arbitrary code via a help: URL that triggers invocation of AppleScript files, due to the Help Viewer not verifying that certain Cascading Style Sheets (CSS) are located in a registered help book. **Recommendations** For Mac OS X versions 10.4.11 through 10.5.6, update to version 10.5.7 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Safari versions in Apple Mac OS X 10.4.11 and 10.5.6 Safari versions in Windows XP and Vista **Description** The issue is related to input validation problems, allowing remote attackers to execute arbitrary JavaScript in the local security zone via a crafted feed URL. **Recommendations** For Safari versions in Apple Mac OS X 10.4.11 and 10.5.6: update to a version with improved input validation. For Safari versions in Windows XP and Vista: update to a version with improved input validation. As a temporary workaround, consider restricting the use of feed URLs to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions prior to 10.5.3 **Description** The issue allows user-assisted remote attackers to execute arbitrary code via specific content types for downloadable objects. This can occur through various applications, including Automator, Help, Safari, or Terminal, when a downloadable object does not trigger a warning message in the Download Validation feature in Mac OS X 10.4 or the Quarantine feature in Mac OS X 10.5. **Recommendations** For Mac OS X versions prior to 10.5.3, update to version 10.5.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Terminal.app in Mac OS X versions 10.4.11 and 10.5 through 10.5.1 **Description** The issue allows remote attackers to execute arbitrary code via unspecified URL schemes in Terminal.app. **Recommendations** For Mac OS X version 10.4.11, update to a version that is not affected by this issue. For Mac OS X versions 10.5 through 10.5.1, update to a version that is not affected by this issue.