Riusksk

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15 tvOS versions prior to 13 **Description** A memory corruption issue was addressed with improved validation. Processing a maliciously crafted movie may result in the disclosure of process memory. **Recommendations** For macOS versions prior to 10.15, update to macOS Catalina 10.15 to resolve the issue. For tvOS versions prior to 13, update to tvOS 13 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** A remote code execution issue exists due to the improper handling of specially crafted embedded fonts by the Windows font library. This allows remote attackers to execute arbitrary code and affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15 iOS versions prior to 13.1 iPadOS versions prior to 13.1 tvOS versions prior to 13 watchOS versions prior to 6 **Description** A memory corruption issue was addressed with improved memory handling, allowing an application to potentially execute arbitrary code with system privileges. **Recommendations** For macOS versions prior to 10.15, update to macOS Catalina 10.15 or apply Security Update 2019-001 or Security Update 2019-006. For iOS versions prior to 13.1, update to iOS 13.1. For iPadOS versions prior to 13.1, update to iPadOS 13.1. For tvOS versions prior to 13, update to tvOS 13. For watchOS versions prior to 6, update to watchOS 6.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15 tvOS versions prior to 13 iTunes for Windows versions prior to 12.10.1 iCloud for Windows versions prior to 10.7 and 7.14 **Description** A buffer overflow issue was addressed with improved bounds checking. Processing a maliciously crafted text file may lead to arbitrary code execution. This issue allows attackers to execute arbitrary code via a specially crafted text file. **Recommendations** For macOS versions prior to 10.15, update to macOS Catalina 10.15. For tvOS versions prior to 13, update to tvOS 13. For iTunes for Windows versions prior to 12.10.1, update to iTunes for Windows 12.10.1. For iCloud for Windows versions prior to 10.7 and 7.14, update to iCloud for Windows 10.7 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows Graphics Component (affected versions not specified) **Description** The issue is related to errors in handling objects in memory by the Windows Graphics Component. This can allow an attacker to disclose protected information using a specially crafted application. To exploit this, an attacker must log on to an affected system and run the malicious application. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iCloud for Windows versions prior to 7.12 tvOS versions prior to 12.3 iTunes for Windows versions prior to 12.9.5 macOS Mojave versions prior to 10.14.5 macOS High Sierra versions without Security Update 2019-003 macOS Sierra versions without Security Update 2019-003 iOS versions prior to 12.3 **Description** The issue is related to an out-of-bounds read that can be triggered by processing a maliciously crafted font, potentially resulting in the disclosure of process memory. This can be exploited by attackers using a specially crafted font to disclose process memory. **Recommendations** For iCloud for Windows versions prior to 7.12, update to version 7.12 or later. For tvOS versions prior to 12.3, update to version 12.3 or later. For iTunes for Windows versions prior to 12.9.5, update to version 12.9.5 or later. For macOS Mojave versions prior to 10.14.5, update to version 10.14.5 or later. For macOS High Sierra, apply Security Update 2019-003. For macOS Sierra, apply Security Update 2019-003. For iOS versions prior to 12.3, update to version 12.3 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.6 **Description** A memory corruption issue was addressed with improved memory handling, allowing an application to potentially execute arbitrary code with system privileges. **Recommendations** For versions prior to 10.14.6, update to macOS Mojave 10.14.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 12.4 Apple macOS versions prior to 10.14.6 Apple tvOS versions prior to 12.4 Apple watchOS versions prior to 5.3 **Description** The issue is related to an out-of-bounds read that can be triggered by parsing a maliciously crafted office document, potentially leading to an unexpected application termination or arbitrary code execution. **Recommendations** For Apple iOS versions prior to 12.4, update to iOS 12.4 or later. For Apple macOS versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later. For Apple tvOS versions prior to 12.4, update to tvOS 12.4 or later. For Apple watchOS versions prior to 5.3, update to watchOS 5.3 or later.

**Name of the Vulnerable Software and Affected Versions** Apple macOS versions prior to 10.15 Apple macOS Mojave versions prior to 10.14.5 Apple tvOS versions prior to 12.3 Apple tvOS versions prior to 13 Apple watchOS versions prior to 5.2.1 Apple iOS versions prior to 12.3 Apple iOS versions prior to 13 **Description** A memory corruption issue was addressed with improved input validation. Playing a malicious audio file may lead to arbitrary code execution. **Recommendations** For macOS versions prior to 10.15, update to macOS Catalina 10.15 or later. For macOS Mojave versions prior to 10.14.5, apply Security Update 2019-003. For tvOS versions prior to 12.3, update to tvOS 12.3 or later. For tvOS versions prior to 13, update to tvOS 13 or later. For watchOS versions prior to 5.2.1, update to watchOS 5.2.1 or later. For iOS versions prior to 12.3, update to iOS 12.3 or later. For iOS versions prior to 13, update to iOS 13 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 macOS Mojave versions prior to 10.14.5 tvOS versions prior to 12.3 watchOS versions prior to 5.2.1 **Description** The issue is related to an out-of-bounds read that has been addressed with improved input validation. Processing a maliciously crafted movie file may lead to arbitrary code execution. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 or later. For macOS Mojave versions prior to 10.14.5, update to macOS Mojave 10.14.5 or later. For tvOS versions prior to 12.3, update to tvOS 12.3 or later. For watchOS versions prior to 5.2.1, update to watchOS 5.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Windows GDI (affected versions not specified) **Description** The issue is related to an information disclosure vulnerability in the Windows GDI component, which improperly discloses the contents of its memory. This can be exploited by attackers to obtain sensitive information, potentially affecting the confidentiality of protected information. The exploitation may occur through a specially crafted document or web page. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple macOS versions prior to 10.14.4 Apple iOS versions prior to 12.2 Apple tvOS versions prior to 12.2 Apple watchOS versions prior to 5.2 **Description** An out-of-bounds read issue was addressed with improved bounds checking. Processing a maliciously crafted font may result in the disclosure of process memory. **Recommendations** For macOS versions prior to 10.14.4, update to macOS Mojave 10.14.4 or later. For iOS versions prior to 12.2, update to iOS 12.2 or later. For tvOS versions prior to 12.2, update to tvOS 12.2 or later. For watchOS versions prior to 5.2, update to watchOS 5.2 or later.

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to the Windows GDI component, which improperly discloses the contents of its memory. This can be exploited by an attacker using a specially crafted document or web page to reveal protected information. The vulnerability allows attackers to obtain sensitive information and potentially affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows (affected versions not specified) **Description** The issue is related to errors in memory object handling mechanisms in the Windows GDI component, which can allow an attacker to disclose protected information using a specially crafted document file. This can enable attackers to obtain sensitive information and affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Windows (affected versions not specified) **Description** The issue is related to errors in memory object handling mechanisms in the Windows GDI component, allowing an attacker to disclose protected information using a specially crafted document file. It involves out-of-bounds read information disclosure, potentially affecting system security. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Adobe Acrobat Reader versions 2018.009.20050 and earlier Adobe Acrobat Reader versions 2017.011.30070 and earlier Adobe Acrobat Reader versions 2015.006.30394 and earlier **Description** The issue is caused by a computation that writes data past the end of the intended buffer, which is part of the image conversion module handling TIFF data. This can potentially allow an attacker to corrupt sensitive data or execute arbitrary code. The vulnerability is related to a heap-based buffer overflow during TIFF parsing, which can be leveraged for remote code execution. **Recommendations** For Adobe Acrobat Reader versions 2018.009.20050 and earlier, update to a version later than 2018.009.20050 to resolve the issue. For Adobe Acrobat Reader versions 2017.011.30070 and earlier, update to a version later than 2017.011.30070 to resolve the issue. For Adobe Acrobat Reader versions 2015.006.30394 and earlier, update to a version later than 2015.006.30394 to resolve the issue. As a temporary workaround, consider disabling the image conversion module that handles TIFF data until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Xcode versions prior to 9 **Description** The issue involves the "ld64" component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted Mach-O file. **Recommendations** For versions prior to 9, update to version 9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the "ld64" component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Xcode versions prior to 9 **Description** The issue involves the "ld64" component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted Mach-O file. **Recommendations** For versions prior to 9, update to version 9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the "ld64" component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Xcode versions prior to 9 **Description** The issue involves the "ld64" component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted Mach-O file. **Recommendations** For versions prior to 9, update to version 9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the "ld64" component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Xcode versions prior to 9 **Description** The issue involves the "ld64" component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted Mach-O file. **Recommendations** For versions prior to 9, update to version 9 or later to resolve the issue. As a temporary workaround, consider restricting the use of the "ld64" component until a patch is available.