Natashenka

**Nome do software vulnerável e versões afetadas** Versões do iOS anteriores à 12.3 Versões do watchOS anteriores à 5.2.1 **Descrição** Um problema de validação de entrada pode levar a uma negação de serviço ao processar uma mensagem criada com intenção maliciosa. **Recomendações** Para versões do iOS anteriores à 12.3, atualize para o iOS 12.3 para resolver o problema. Para versões do watchOS anteriores à 5.2.1, atualize para o watchOS 5.2.1 para resolver o problema.

**Nome do software vulnerável e versões afetadas** Versões do Apple iOS anteriores à 13.3 Versão 12.4.4 e anteriores do Apple iOS Versões do Apple iPadOS anteriores à 13.3 Versões do Apple macOS anteriores à 10.15.2 Versões do Apple macOS Mojave sem a Atualização de Segurança 2019-002 Versões do Apple macOS High Sierra sem a Atualização de Segurança 2019-007 Versões do Apple tvOS anteriores à 13.3 Versões do Apple watchOS anteriores à 6.1.1 Versão 5.3.4 e anteriores do Apple watchOS **Descrição** Um problema de leitura fora dos limites foi corrigido com a validação aprimorada de entradas. O processamento de vídeos maliciosos via FaceTime pode levar à execução de código arbitrário. **Recomendações** Para versões do iOS anteriores à 13.3, atualize para o iOS 13.3 ou posterior. Para a versão 12.4.4 do iOS e anteriores, atualize para o iOS 12.4.4 ou posterior se não for possível atualizar para o iOS 13.3 ou posterior. Para versões do iPadOS anteriores à 13.3, atualize para o iPadOS 13.3 ou posterior. Para versões do macOS anteriores à 10.15.2, atualize para o macOS 10.15.2 ou posterior. Para o macOS Mojave, aplique a Atualização de Segurança 2019-002. Para o macOS High Sierra, aplique a Atualização de Segurança 2019-007. Para versões do tvOS anteriores à 13.3, atualize para o tvOS 13.3 ou posterior. Para versões do watchOS anteriores à 6.1.1, atualize para o watchOS 6.1.1 ou posterior. Para o watchOS versão 5.3.4 e anteriores, atualize para o watchOS 5.3.4 ou posterior se não for possível atualizar para o watchOS 6.1.1 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do macOS anteriores à 10.14.5 Versões da Atualização de Segurança anteriores à 2019-003 High Sierra Versões da Atualização de Segurança anteriores à 2019-003 Sierra Versões do iOS anteriores à 12.3 Versões do watchOS anteriores à 5.2.1 **Descrição** Um problema de validação de entrada pode permitir que um invasor remoto cause uma negação de serviço no sistema. **Recomendações** Para versões do macOS anteriores à 10.14.5, atualize para o macOS Mojave 10.14.5. Para versões da Atualização de Segurança anteriores à 2019-003 High Sierra, aplique a Atualização de Segurança 2019-003 High Sierra. Para versões da Atualização de Segurança anteriores à 2019-003 Sierra, aplique a Atualização de Segurança 2019-003 Sierra. Para versões do iOS anteriores à 12.3, atualize para o iOS 12.3. Para versões do watchOS anteriores à 5.2.1, atualize para o watchOS 5.2.1.

**Nome do software vulnerável e versões afetadas: Versões do Google Chrome anteriores à 84.0.4147.89 Descrição: O problema está relacionado a uma implementação inadequada no WebRTC, o que pode levar à corrupção da pilha (heap) por meio de um fluxo SCTP manipulado. Isso pode ser potencialmente explorado por um invasor em uma posição privilegiada na rede. A vulnerabilidade também está relacionada a um estouro de buffer na implementação do WebRTC, o que pode permitir que um invasor remoto comprometa a integridade dos dados. Recomendações: Para versões do Google Chrome anteriores à 84.0.4147.89, atualize para a versão 84.0.4147.89 ou posterior para resolver o problema. Como solução temporária, considere restringir o acesso à funcionalidade WebRTC até que a atualização seja aplicada.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 tvOS versions prior to 12.3 watchOS versions prior to 5.2.1 **Description** A use after free issue was addressed with improved memory management. A remote attacker may be able to cause arbitrary code execution. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 or later. For tvOS versions prior to 12.3, update to tvOS 12.3 or later. For watchOS versions prior to 5.2.1, update to watchOS 5.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** macOS Catalina versions prior to 10.15 iOS versions prior to 13 iCloud for Windows versions prior to 7.14 and prior to 10.7 tvOS versions prior to 13 watchOS versions prior to 6 iTunes for Windows versions prior to 12.10.1 **Description** An out-of-bounds read issue was addressed with improved input validation, which may allow a remote attacker to cause unexpected application termination or arbitrary code execution. **Recommendations** For macOS Catalina versions prior to 10.15, update to macOS Catalina 10.15 or later. For iOS versions prior to 13, update to iOS 13 or later. For iCloud for Windows versions prior to 7.14 and prior to 10.7, update to iCloud for Windows 7.14 or iCloud for Windows 10.7 or later. For tvOS versions prior to 13, update to tvOS 13 or later. For watchOS versions prior to 6, update to watchOS 6 or later. For iTunes for Windows versions prior to 12.10.1, update to iTunes 12.10.1 for Windows or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 **Description** A remote attacker may be able to leak memory due to this issue. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For iOS versions prior to 12.4, update to iOS 12.4 or later. For macOS Mojave versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.6 **Description** A use after free issue was addressed with improved memory management. A remote attacker may be able to cause arbitrary code execution. **Recommendations** For macOS versions prior to 10.14.6, update to macOS Mojave 10.14.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** An out-of-bounds read issue was addressed with improved input validation. The issue is related to remote iPhone exploitation via iMessage. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 watchOS versions prior to 5.2.1 **Description** An input validation issue may lead to a denial of service when processing a maliciously crafted message. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 to resolve the issue. For watchOS versions prior to 5.2.1, update to watchOS 5.2.1 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 12.1 Description: A memory corruption issue was addressed with improved input validation. Recommendations: For versions prior to 12.1, update to iOS 12.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 12.1 Description: A memory corruption issue was addressed with improved input validation. Recommendations: For versions prior to 12.1, update to iOS 12.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.1.3 macOS Mojave versions prior to 10.14.3 tvOS versions prior to 12.1.2 watchOS versions prior to 5.1.3 **Description** A buffer overflow issue was addressed with improved memory handling. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution. **Recommendations** For iOS versions prior to 12.1.3, update to iOS 12.1.3 or later. For macOS Mojave versions prior to 10.14.3, update to macOS Mojave 10.14.3 or later. For tvOS versions prior to 12.1.2, update to tvOS 12.1.2 or later. For watchOS versions prior to 5.1.3, update to watchOS 5.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4 Safari versions prior to 11.1.1 iCloud versions prior to 7.5 on Windows iTunes versions prior to 12.7.5 on Windows tvOS versions prior to 11.4 watchOS versions prior to 4.3.1 **Description** The issue involves the WebKit component and allows remote attackers to execute arbitrary code via a crafted web site. This is achieved by leveraging a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For Safari versions prior to 11.1.1, update to version 11.1.1 or later. For iCloud versions prior to 7.5 on Windows, update to version 7.5 or later. For iTunes versions prior to 12.7.5 on Windows, update to version 12.7.5 or later. For tvOS versions prior to 11.4, update to version 11.4 or later. For watchOS versions prior to 4.3.1, update to version 4.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 11.4 Apple Safari versions prior to 11.1.1 Apple iCloud versions prior to 7.5 on Windows Apple iTunes versions prior to 12.7.5 on Windows Apple tvOS versions prior to 11.4 **Description** The issue involves the WebKit component and allows remote attackers to obtain sensitive credential information transmitted during a CSS mask-image fetch. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For Safari versions prior to 11.1.1, update to version 11.1.1 or later. For iCloud versions prior to 7.5 on Windows, update to version 7.5 or later. For iTunes versions prior to 12.7.5 on Windows, update to version 12.7.5 or later. For tvOS versions prior to 11.4, update to version 11.4 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 11.4 Apple Safari versions prior to 11.1.1 Apple iCloud versions prior to 7.5 on Windows Apple iTunes versions prior to 12.7.5 on Windows Apple tvOS versions prior to 11.4 Apple watchOS versions prior to 4.3.1 **Description** The issue involves the WebKit component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site that triggers an @generatorState use-after-free. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For Safari versions prior to 11.1.1, update to version 11.1.1 or later. For iCloud versions prior to 7.5 on Windows, update to version 7.5 or later. For iTunes versions prior to 12.7.5 on Windows, update to version 12.7.5 or later. For tvOS versions prior to 11.4, update to version 11.4 or later. For watchOS versions prior to 4.3.1, update to version 4.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** Samsung Galaxy S6 versions prior to October 2015 MR **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and SIGSEGV, via a crafted image file. **Recommendations** For Samsung Galaxy S6 versions prior to October 2015 MR, apply the October 2015 MR patch to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung LibQjpeg version not specified **Description** The issue allows remote attackers to cause a denial of service and execute arbitrary code via a crafted JPG. This can result in a segmentation fault and process crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3 Safari versions prior to 10.1 tvOS versions prior to 10.2 **Description** The issue involves the WebKit component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. This is caused by a buffer overflow in memory. **Recommendations** For iOS versions prior to 10.3, update to version 10.3 or later. For Safari versions prior to 10.1, update to version 10.1 or later. For tvOS versions prior to 10.2, update to version 10.2 or later. As a temporary workaround, consider restricting access to the WebKit component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3 Safari versions prior to 10.1 tvOS versions prior to 10.2 **Description** The issue involves the `WebKit` component and allows remote attackers to execute arbitrary code via a crafted web site. It is related to the mishandling of strict mode functions and insufficient access control, which can be exploited to compromise information confidentiality. **Recommendations** For iOS versions prior to 10.3, update to version 10.3 or later. For Safari versions prior to 10.1, update to version 10.1 or later. For tvOS versions prior to 10.2, update to version 10.2 or later.