Jack Tang

**Nome do software vulnerável e versões afetadas** Kernel do Android **Descrição** O problema está relacionado a um estouro de inteiro no driver de tela sensível ao toque FingerTipS, o que poderia levar a uma possível leitura fora dos limites. Isso pode resultar na divulgação de informações locais, exigindo privilégios de execução do sistema para a exploração. Não é necessária nenhuma interação do usuário para a exploração. **Recomendações** Para o kernel do Android, considere aplicar um patch ou correção para resolver o problema de estouro de inteiro no driver da tela sensível ao toque FingerTipS assim que estiver disponível. No momento, não há informações sobre uma versão mais recente que contenha uma correção para essa vulnerabilidade.

**Nome do software vulnerável e versões afetadas: Versões do kernel do Android (versões afetadas não especificadas) Descrição: O problema está relacionado a uma leitura fora dos limites do buffer na função fts driver test write do arquivo fts proc.c, um componente do driver Touch do kernel do Android. Isso pode levar à divulgação de informações locais, sendo necessários privilégios de execução do sistema para a exploração. Não é necessária nenhuma interação do usuário para a exploração. Recomendações: No momento, não há informações sobre uma versão mais recente que contenha uma correção para esta vulnerabilidade.

**Nome do software vulnerável e versões afetadas** Kernel do Android **Descrição** O problema está relacionado a um estouro de buffer de heap no driver da tela sensível ao toque FingerTipS, o que pode levar a uma escalada local de privilégios. Isso requer privilégios de execução do sistema e não necessita de interação do usuário para ser explorado. **Recomendações** Para o kernel do Android, considere aplicar um patch ou correção para resolver o problema de estouro de buffer de heap no driver da tela sensível ao toque FingerTipS assim que estiver disponível. Como solução alternativa temporária, restringir o acesso à função `fts driver test write` pode ajudar a minimizar o risco de exploração.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 10 Apple OS X versions prior to 10.12 **Description** The issue allows attackers to execute arbitrary code in a privileged context or cause a denial of service due to memory corruption via a crafted app. **Recommendations** For Apple iOS versions prior to 10, update to version 10 or later. For Apple OS X versions prior to 10.12, update to version 10.12 or later.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.12 **Description** The issue allows an attacker to execute arbitrary code in a privileged context or cause a denial of service due to memory corruption. This can be achieved via a crafted app. **Recommendations** For Apple OS X versions prior to 10.12, update to version 10.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.12 **Description** The issue allows attackers to execute arbitrary code in a privileged context or cause a denial of service due to memory corruption via a crafted app. **Recommendations** For versions prior to 10.12, update to version 10.12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.6 **Description** The issue allows local users to obtain sensitive kernel memory-layout information or cause a denial of service via unspecified vectors, potentially related to a use-after-free privilege escalation vulnerability in the DspFuncLib component. **Recommendations** For versions prior to 10.11.6, update to version 10.11.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.5 **Description** The issue is related to a buffer overflow in the AppleGraphicsPowerManagement component, which can be exploited by attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. **Recommendations** For versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OS X versions prior to 10.11.5 **Description** The issue is related to errors in pointer dereferencing in the IOAcceleratorFamily component. It allows attackers to execute arbitrary code in a privileged context or cause a denial of service via a crafted app. This can be achieved by a remote attacker using a specially created application. **Recommendations** For OS X versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.5 **Description** The issue is caused by a buffer overflow in the Graphics Drivers subsystem of the operating system. This can be exploited by a remote attacker using a specially crafted application, potentially allowing them to execute arbitrary code in a privileged context or cause a denial of service due to memory corruption. **Recommendations** For Apple OS X versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Disk Utility in Apple OS X versions prior to 10.11.5 **Description** The issue is related to the use of incorrect encryption keys for disk images in the Disk Utility component of Mac OS X. This could potentially allow a remote attacker to impact the confidentiality of information. **Recommendations** For versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3.2 Apple OS X versions prior to 10.11.5 Apple tvOS versions prior to 9.2.1 Apple watchOS versions prior to 2.2.1 **Description** The issue allows attackers to execute arbitrary code in a privileged context or cause a denial of service due to memory corruption via a crafted app. This is caused by a buffer overflow in the Disk Images subsystem of the operating systems. **Recommendations** For Apple iOS versions prior to 9.3.2, update to version 9.3.2 or later. For Apple OS X versions prior to 10.11.5, update to version 10.11.5 or later. For Apple tvOS versions prior to 9.2.1, update to version 9.2.1 or later. For Apple watchOS versions prior to 2.2.1, update to version 2.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions (affected versions not specified) iOS versions (affected versions not specified) **Description** The issue is caused by a buffer overflow in the IOAcceleratorFamily component of the operating systems. This can be exploited by a remote attacker using a specially crafted application, potentially allowing them to execute arbitrary code in a privileged context or cause a denial of service (memory corruption). **Recommendations** For Apple OS X, update to a version that includes a fix for the IOAcceleratorFamily component buffer overflow issue. For iOS, update to a version that includes a fix for the IOAcceleratorFamily component buffer overflow issue. As a temporary workaround, consider restricting access to the IOAcceleratorFamily component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.5 **Description** The issue is caused by a buffer overflow in the IOAudioFamily component, allowing attackers to execute arbitrary code in a privileged context via a crafted app. This can be exploited by a remote attacker using a specially created application. **Recommendations** For Apple OS X versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of privileged contexts to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 9.1 Apple iOS versions prior to 9.3 tvOS versions prior to 9.2 **Description** The issue is related to the History implementation in WebKit, which allows remote attackers to cause a denial of service. This can be achieved through a crafted web site, leading to resource consumption and application crash. **Recommendations** For Safari versions prior to 9.1, update to version 9.1 or later. For Apple iOS versions prior to 9.3, update to version 9.3 or later. For tvOS versions prior to 9.2, update to version 9.2 or later.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** A remote code execution issue exists due to improper access to objects in memory. This could corrupt memory, allowing an attacker to execute arbitrary code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.