Dan Bastone

**Name of the Vulnerable Software and Affected Versions** CUPS versions prior to 2.2.7-1ubuntu2.1 CUPS versions prior to 2.2.4-7ubuntu3.1 CUPS versions prior to 2.1.3-4ubuntu0.5 CUPS versions prior to 1.7.2-0ubuntu1.10 **Description** The issue is related to the CUPS AppArmor profile, which incorrectly confined the dnssd backend due to the use of hard links. A local attacker could possibly use this issue to escape confinement. **Recommendations** For versions prior to 2.2.7-1ubuntu2.1, update to version 2.2.7-1ubuntu2.1 or later. For versions prior to 2.2.4-7ubuntu3.1, update to version 2.2.4-7ubuntu3.1 or later. For versions prior to 2.1.3-4ubuntu0.5, update to version 2.1.3-4ubuntu0.5 or later. For versions prior to 1.7.2-0ubuntu1.10, update to version 1.7.2-0ubuntu1.10 or later.

**Name of the Vulnerable Software and Affected Versions** macOS High Sierra versions prior to 10.13.5 **Description** The issue existed in the CUPS component of macOS High Sierra and was related to the SetEnv and PassEnv directives. It allowed an attacker to execute arbitrary code with root privileges. The problem was addressed with improved access restrictions. **Recommendations** For macOS High Sierra versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue. As a temporary workaround, consider restricting access to the CUPS service until the update is applied.

**Name of the Vulnerable Software and Affected Versions** macOS High Sierra versions prior to 10.13.5 **Description** An access issue was addressed with additional sandbox restrictions on CUPS. **Recommendations** For macOS High Sierra versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS High Sierra versions prior to 10.13.5 **Description** An access issue was addressed with additional sandbox restrictions in macOS. **Recommendations** For macOS High Sierra versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Mac OS X versions prior to 10.11 **Description** The issue is related to errors in the code of the Telephony component in Mac OS X. It can be exploited by a local attacker to bypass restrictions on telephone calls when the Continuity feature is enabled. **Recommendations** For Mac OS X versions prior to 10.11, update to version 10.11 or later to resolve the issue. As a temporary workaround, consider disabling the Continuity feature to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11 **Description** The issue is related to the Address Book framework, which has inadequate access control to certain functions. This can be exploited by a local attacker to gain elevated privileges. The vulnerability allows an attacker to inject code into processes that rely on the Address Book framework by using an environment variable. **Recommendations** For Apple OS X versions prior to 10.11, update to version 10.11 or later to resolve the issue. As a temporary workaround, consider restricting access to the Address Book framework until a patch is available.