Francisco Alonso

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 10 iOS versions prior to 17 iPadOS versions prior to 17 tvOS versions prior to 17 macOS versions prior to Sonoma 14 Safari versions prior to 17 **Description** The issue is related to a use-after-free problem in the WebKit component, which can be exploited by a remote attacker to execute arbitrary code using a specially crafted link. Processing web content may lead to arbitrary code execution. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For watchOS versions prior to 10, update to watchOS 10 or later. For iOS versions prior to 17, update to iOS 17 or later. For iPadOS versions prior to 17, update to iPadOS 17 or later. For tvOS versions prior to 17, update to tvOS 17 or later. For macOS versions prior to Sonoma 14, update to macOS Sonoma 14 or later. For Safari versions prior to 17, update to Safari 17 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 116.0.5845.110 **Description** The issue is related to an out of bounds memory access in the CSS component of Google Chrome, allowing a remote attacker to perform an out of bounds memory read via a crafted HTML page. This could potentially impact the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 116.0.5845.110, update to version 116.0.5845.110 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 17 iPadOS versions prior to 17 watchOS versions prior to 10 macOS Sonoma versions prior to 14 **Description** A use-after-free issue was addressed with improved memory management. Processing web content may lead to arbitrary code execution. This issue is related to the WebKitGTK and WPE WebKit modules, which are used for displaying web pages. The exploitation of this issue may allow a remote attacker to execute arbitrary code. **Recommendations** For iOS versions prior to 17, update to iOS 17 or later. For iPadOS versions prior to 17, update to iPadOS 17 or later. For watchOS versions prior to 10, update to watchOS 10 or later. For macOS Sonoma versions prior to 14, update to macOS Sonoma 14 or later. As a temporary workaround, consider restricting web content processing until a patch is available. Avoid using vulnerable WebKitGTK and WPE WebKit modules in web page display until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 16.6 iPadOS versions prior to 16.6 tvOS versions prior to 16.6 macOS Ventura versions prior to 13.5 Safari versions prior to 16.6 watchOS versions prior to 9.6 **Description** The issue is related to a buffer overflow in the WebKitGTK and WPE WebKit modules, which can lead to arbitrary code execution when processing web content. This can be exploited by a remote attacker. The estimated number of potentially affected devices is not specified. **Recommendations** For iOS versions prior to 16.6, update to iOS 16.6 or later. For iPadOS versions prior to 16.6, update to iPadOS 16.6 or later. For tvOS versions prior to 16.6, update to tvOS 16.6 or later. For macOS Ventura versions prior to 13.5, update to macOS Ventura 13.5 or later. For Safari versions prior to 16.6, update to Safari 16.6 or later. For watchOS versions prior to 9.6, update to watchOS 9.6 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 13.5 iOS versions prior to 16.6 iPadOS versions prior to 16.6 tvOS versions prior to 16.6 Safari versions prior to 16.6 watchOS versions prior to 9.6 **Description** The issue is caused by a buffer overflow in the WebKit component, allowing a remote attacker to execute arbitrary code. Processing web content may lead to arbitrary code execution. The issue was addressed with improved memory handling. **Recommendations** For macOS versions prior to 13.5, update to macOS Ventura 13.5. For iOS versions prior to 16.6, update to iOS 16.6. For iPadOS versions prior to 16.6, update to iPadOS 16.6. For tvOS versions prior to 16.6, update to tvOS 16.6. For Safari versions prior to 16.6, update to Safari 16.6. For watchOS versions prior to 9.6, update to watchOS 9.6.

**Name of the Vulnerable Software and Affected Versions** WebKitGTK and WPE WebKit versions prior to those included in watchOS 9.3, tvOS 16.3, macOS Ventura 13.2, iOS 16.3, and iPadOS 16.3 **Description** The issue is related to a buffer overflow in memory, which may allow a remote attacker to execute arbitrary code when processing web content. Improved memory handling has been implemented to address this issue. **Recommendations** For versions prior to watchOS 9.3, update to watchOS 9.3 or later. For versions prior to tvOS 16.3, update to tvOS 16.3 or later. For versions prior to macOS Ventura 13.2, update to macOS Ventura 13.2 or later. For versions prior to iOS 16.3, update to iOS 16.3 or later. For versions prior to iPadOS 16.3, update to iPadOS 16.3 or later.

**Nome do software vulnerável e versões afetadas** Versões do Safari anteriores à 16.1 Versões do macOS anteriores ao Ventura 13 Versões do iOS anteriores à 16.1 Versões do iPadOS anteriores à 16 **Descrição** Um problema de uso após liberação (use after free) foi corrigido com o aprimoramento do gerenciamento de memória. O processamento de conteúdo da web criado de forma maliciosa pode levar à execução de código arbitrário. O problema está relacionado ao uso de memória após sua liberação durante o tratamento de conteúdo da web, o que pode ser explorado por um invasor remoto para executar código arbitrário. **Recomendações** Para versões do Safari anteriores à 16.1, atualize para o Safari 16.1 ou posterior. Para versões do macOS anteriores ao Ventura 13, atualize para o macOS Ventura 13 ou posterior. Para versões do iOS anteriores à 16.1, atualize para o iOS 16.1 ou posterior. Para versões do iPadOS anteriores à 16, atualize para o iPadOS 16 ou posterior.

**Nome do software vulnerável e versões afetadas: Versões do Apple Safari anteriores à 14.0.3 Versões do macOS Big Sur anteriores à 11.2 Versões da Atualização de Segurança anteriores à 2021-001 Catalina Versões da Atualização de Segurança anteriores à 2021-001 Mojave Versões do tvOS anteriores à 14.4 Versões do watchOS anteriores à 7.3 Versões do iOS anteriores à 14.4 Versões do iPadOS anteriores à 14.4 Descrição: Um problema de uso após liberação de memória foi resolvido com o aprimoramento do gerenciamento de memória. O processamento de conteúdo da web criado de forma maliciosa pode levar à execução de código arbitrário. O problema está relacionado ao módulo WebKitGTK, que é usado para exibir páginas da web no Apple Safari e em vários sistemas operacionais da Apple, incluindo Mac OS, iOS, iPadOS, watchOS e tvOS. Recomendações: Para o macOS Big Sur, atualize para a versão 11.2 ou posterior. Para a Atualização de Segurança Catalina, aplique a Atualização de Segurança 2021-001 ou posterior. Para a Atualização de Segurança Mojave, aplique a Atualização de Segurança 2021-001 ou posterior. Para o tvOS, atualize para a versão 14.4 ou posterior. Para o watchOS, atualize para a versão 7.3 ou posterior. Para o iOS, atualize para a versão 14.4 ou posterior. Para o iPadOS, atualize para a versão 14.4 ou posterior. Para o Safari, atualize para a versão 14.0.3 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do Firefox anteriores à 74.0.1 Versões do Firefox ESR anteriores à 68.6.1 Versões do Thunderbird anteriores à 68.7.0 **Descrição** O problema está relacionado a uma falha de uso após liberação (use-after-free) no destrutor nsDocShell, que pode ser acionada sob certas condições. Isso pode levar a uma condição de corrida (race condition), causando o uso após liberação. Já ocorreram ataques direcionados em ambiente real explorando essa falha. A exploração desse problema pode permitir que um invasor remoto acesse dados confidenciais, comprometa a integridade dos dados e cause uma negação de serviço. **Recomendações** Para versões do Firefox anteriores à 74.0.1, atualize para a versão 74.0.1 ou posterior. Para versões do Firefox ESR anteriores à 68.6.1, atualize para a versão 68.6.1 ou posterior. Para versões do Thunderbird anteriores à 68.7.0, atualize para a versão 68.7.0 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do Firefox anteriores à 74.0.1 Versões do Firefox ESR anteriores à 68.6.1 Versões do Thunderbird anteriores à 68.7.0 **Descrição** O problema está relacionado a uma condição de uso após liberação (use-after-free) no componente ReadableStream, permitindo potencialmente que um invasor remoto acesse dados confidenciais, comprometa sua integridade e cause uma negação de serviço. Já ocorreram ataques direcionados em ambiente real explorando essa falha. **Recomendações** Para versões do Firefox anteriores à 74.0.1, atualize para a versão 74.0.1 ou posterior. Para versões do Firefox ESR anteriores à 68.6.1, atualize para a versão 68.6.1 ou posterior. Para versões do Thunderbird anteriores à 68.7.0, atualize para a versão 68.7.0 ou posterior.

**Name of the Vulnerable Software and Affected Versions** File version 5.35 **Description** The issue is related to an out-of-bounds read in the do core note function of the File utility, specifically in the readelf.c file within libmagic.a. This can lead to a denial of service. The problem arises from the misuse of memcpy, causing the function to read data beyond the boundaries of a buffer in memory. **Recommendations** For File version 5.35, consider restricting access to the do core note function until a patch is available. As a temporary workaround, avoid using the File utility for determining file types from untrusted sources. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Flexpaper versions prior to 2.3.1 **Description** The issue allows remote attackers to conduct content-spoofing attacks. This is achieved via the `Swfile` parameter. **Recommendations** For versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `Swfile` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Flexpaper versions prior to 2.3.1 **Description** A cross-site scripting (XSS) issue allows remote attackers to inject arbitrary web script or HTML via the `Swfile` parameter. This can lead to the execution of malicious code on the client-side. **Recommendations** For versions prior to 2.3.1, update to version 2.3.1 or later to resolve the issue. As a temporary workaround, consider restricting access to the `Swfile` parameter to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** HHVM versions prior to 3.15.0 **Description** The issue is related to infinite recursion in wddx, allowing attackers to have an unspecified impact. The exact vectors used for the attack are unknown. **Recommendations** For versions prior to 3.15.0, update to version 3.15.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HHVM versions prior to 3.15.0 **Description** The issue is related to out-of-bounds write in certain functions, specifically `mb detect encoding`, `mb send mail`, and `mb detect order`, which can allow attackers to have an unspecified impact. The exact vectors used for the attack are unknown. **Recommendations** For versions prior to 3.15.0, update to version 3.15.0 or later to resolve the issue. As a temporary workaround, consider restricting access to the `mb detect encoding`, `mb send mail`, and `mb detect order` functions until the update is applied.

**Name of the Vulnerable Software and Affected Versions** HHVM versions prior to 3.15.0 **Description** The issue is related to an integer overflow in the bcmath component, which can trigger a buffer overflow. This allows attackers to have an unspecified impact via unknown vectors. **Recommendations** For versions prior to 3.15.0, update to version 3.15.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HHVM versions prior to 3.15.0 **Description** The issue is related to an integer overflow in the StringUtil::implode function. This allows attackers to have an unspecified impact via unknown vectors. **Recommendations** For versions prior to 3.15.0, update to version 3.15.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Facebook HHVM versions prior to 3.15.0 **Description** The issue is related to self recursion in compact, allowing attackers to have an unspecified impact. The exact vectors used for the attack are unknown. **Recommendations** For Facebook HHVM versions prior to 3.15.0, update to version 3.15.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** HHVM versions prior to 3.15.0 **Description** The issue is related to the array * recursive functions in HHVM, which allows attackers to have an unspecified impact. The attack vector is unknown and is related to recursion. **Recommendations** For versions prior to 3.15.0, update to version 3.15.0 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** file versions prior to 5.19 PHP versions prior to 5.4.30 PHP versions 5.5.x prior to 5.5.14 **Description** The issue is related to a buffer overflow in the `mconvert` function in `softmagic.c` in the `file` component, which is used in PHP. This allows remote attackers to cause a denial of service (application crash) via a crafted Pascal string in a `FILE PSTRING` conversion. The vulnerability can be exploited remotely, potentially leading to disruption of protected information. **Recommendations** For file versions prior to 5.19, update to version 5.19 or later. For PHP versions prior to 5.4.30, update to version 5.4.30 or later. For PHP versions 5.5.x prior to 5.5.14, update to version 5.5.14 or later. As a temporary workaround, consider restricting the use of the `mconvert` function in `softmagic.c` until a patch is available. Avoid using crafted Pascal strings in `FILE PSTRING` conversions until the issue is resolved.