Omer Gull

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 macOS Mojave versions prior to 10.14.5 tvOS versions prior to 12.3 watchOS versions prior to 5.2.1 iTunes for Windows versions prior to 12.9.5 iCloud for Windows versions prior to 7.12 **Description** An input validation issue was addressed with improved memory handling, which may allow an application to gain elevated privileges. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 or later. For macOS Mojave versions prior to 10.14.5, update to macOS Mojave 10.14.5 or later. For tvOS versions prior to 12.3, update to tvOS 12.3 or later. For watchOS versions prior to 5.2.1, update to watchOS 5.2.1 or later. For iTunes for Windows versions prior to 12.9.5, update to iTunes for Windows 12.9.5 or later. For iCloud for Windows versions prior to 7.12, update to iCloud for Windows 7.12 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 macOS Mojave versions prior to 10.14.5 tvOS versions prior to 12.3 watchOS versions prior to 5.2.1 iTunes for Windows versions prior to 12.9.5 iCloud for Windows versions prior to 7.12 **Description** An input validation issue was addressed with improved input validation. A malicious application may be able to read restricted memory. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 or later. For macOS Mojave versions prior to 10.14.5, update to macOS Mojave 10.14.5 or later. For tvOS versions prior to 12.3, update to tvOS 12.3 or later. For watchOS versions prior to 5.2.1, update to watchOS 5.2.1 or later. For iTunes for Windows versions prior to 12.9.5, update to iTunes for Windows 12.9.5 or later. For iCloud for Windows versions prior to 7.12, update to iCloud for Windows 7.12 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 macOS Mojave versions prior to 10.14.5 tvOS versions prior to 12.3 watchOS versions prior to 5.2.1 iTunes for Windows versions prior to 12.9.5 iCloud for Windows versions prior to 7.12 **Description** A memory corruption issue was addressed with improved input validation. A maliciously crafted SQL query may lead to arbitrary code execution. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 or later. For macOS Mojave versions prior to 10.14.5, update to macOS Mojave 10.14.5 or later. For tvOS versions prior to 12.3, update to tvOS 12.3 or later. For watchOS versions prior to 5.2.1, update to watchOS 5.2.1 or later. For iTunes for Windows versions prior to 12.9.5, update to iTunes for Windows 12.9.5 or later. For iCloud for Windows versions prior to 7.12, update to iCloud for Windows 7.12 or later.

**Name of the Vulnerable Software and Affected Versions** Windows Server versions prior to the fixed version Windows Server 2012 R2 Windows Server 2008 Windows Server 2012 Windows Server 2019 Windows Server 2016 Windows Server 2008 R2 Windows 10 Servers **Description** A remote code execution issue exists due to the way the Windows Deployment Services TFTP Server handles objects in memory. This allows remote attackers to execute arbitrary code on the system by sending a specially crafted request. The vulnerability can be exploited by remote attackers, potentially leading to the execution of arbitrary code. **Recommendations** For Windows Server 2012 R2, update to a version that includes the fix for this issue. For Windows Server 2008, consider applying a workaround or configuration change to mitigate the risk until a patch is available. For Windows Server 2012, restrict access to the TFTP Server until a patch is available. For Windows Server 2019, Windows Server 2016, Windows Server 2008 R2, and Windows 10 Servers, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the TFTP Server service until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Microsoft Office (affected versions not specified) Microsoft Office Compatibility Pack (affected versions not specified) Microsoft Word (affected versions not specified) **Description** This issue is a remote code execution flaw in Microsoft Office software. The problem stems from improper handling of objects in memory. A successful exploit allows an attacker to execute arbitrary code with the privileges of the current user. If the user has administrative rights, the attacker could gain full control of the system, including the ability to install programs, modify or delete data, and create new accounts. Exploitation requires a user to open a specially crafted file using an affected version of Microsoft Office or Microsoft WordPad. The Cloud Atlas threat group has been observed utilizing this vulnerability in attacks, deploying malware like VBCloud via phishing emails containing malicious documents that exploit the flaw in the equation editor. These attacks primarily target users in Russia. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.