Lucas Pinheiro

**Nome do Software Vulnerável e Versões Afetadas** Versões do watchOS anteriores à 26.2 Versões do iOS anteriores à 26.2 Versões do iPadOS anteriores à 26.2 Versões do macOS anteriores ao Tahoe 26.2 Versões do visionOS anteriores à 26.2 Versões do tvOS anteriores à 26.2 **Descrição** O software contém múltiplos problemas de corrupção de memória devido à validação de entrada insuficiente. Um HID (Dispositivo de Interface Humana) especialmente elaborado poderia potencialmente causar o travamento inesperado de um processo. **Recomendações** Atualize para a versão 26.2 ou posterior do watchOS. Atualize para a versão 26.2 ou posterior do iOS. Atualize para a versão 26.2 ou posterior do iPadOS. Atualize para a versão Tahoe 26.2 ou posterior do macOS. Atualize para a versão 26.2 ou posterior do visionOS. Atualize para a versão 26.2 ou posterior do tvOS.

**Nome do Software Vulnerável e Versões Afetadas** Versões do macOS Sonoma anteriores à 14.8.3 Versões do macOS Sequoia anteriores à 15.7.3 **Descrição** Um problema de corrupção de memória existe devido à verificação de limites insuficiente. A exploração deste problema pode resultar no encerramento inesperado do aplicativo ao processar dados maliciosos. **Recomendações** Atualize para o macOS Sonoma versão 14.8.3 ou posterior. Atualize para o macOS Sequoia versão 15.7.3 ou posterior.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 75.0.3770.80 **Description** The issue is related to an integer overflow in the download manager, which can be exploited by a remote attacker using a crafted HTML page. This could potentially lead to out of bounds memory access. The vulnerability may allow an attacker to impact data integrity, cause a denial of service, or gain unauthorized access to confidential information. **Recommendations** For versions prior to 75.0.3770.80, update to version 75.0.3770.80 or later to resolve the issue. As a temporary workaround, consider restricting access to crafted HTML pages that could exploit the integer overflow in the download manager.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 72.0.3626.96 **Description** The issue is related to incorrect handling of data in the V8 JavaScript engine, which can be exploited by a remote attacker to bypass security restrictions. It is caused by the incorrect handling of deferred code in V8, potentially allowing heap corruption via a crafted HTML page. **Recommendations** For versions prior to 72.0.3626.96, update to version 72.0.3626.96 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is related to a remote code execution problem in the Chakra scripting engine, which handles objects in memory. This could allow an attacker to corrupt memory and execute arbitrary code in the context of the current user by using a specially crafted web page. If the current user has administrative rights, the attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Name of the Vulnerable Software and Affected Versions: Internet Explorer 11 Description: A remote code execution issue exists due to improper memory access by Internet Explorer. This could allow an attacker to execute arbitrary code in the context of the current user by exploiting the vulnerability with a specially crafted web page. If the current user has administrative rights, the attacker could gain control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. Recommendations: For Internet Explorer 11, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is related to a remote code execution problem in the Chakra scripting engine of Microsoft Edge, caused by a buffer overflow in memory when handling JavaScript scripts. This could allow an attacker to execute arbitrary code on a user's system by using a specially crafted web page. If the user has administrative rights, the attacker could gain control of the system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is related to a remote code execution problem in the Chakra scripting engine, which can lead to memory corruption. This allows an attacker to execute arbitrary code in the context of the current user by using a specially crafted web page. If the user has administrative rights, the attacker could gain control of the system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is related to a remote code execution problem in the way the scripting engine handles objects in memory. This could allow an attacker to corrupt memory and execute arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the system, install programs, view, change or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is related to a remote code execution problem in the way the scripting engine handles objects in memory. This could allow an attacker to corrupt memory and execute arbitrary code in the context of the current user. If the user has administrative rights, the attacker could take control of the system, install programs, view, change or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.