Shrek_Wzw

**Nome do software vulnerável e versões afetadas** Versões do macOS anteriores à 11.4 Versões da Atualização de Segurança anteriores à 2021-003 Catalina Versões da Atualização de Segurança anteriores à 2021-004 Mojave **Descrição** Foi corrigida uma falha lógica por meio de um gerenciamento de estado aprimorado, que poderia permitir que um usuário local causasse o encerramento inesperado do sistema ou lesse a memória do kernel. **Recomendações** Para versões do macOS anteriores à 11.4, atualize para o macOS Big Sur 11.4 ou posterior. Para versões da Atualização de Segurança anteriores à 2021-003 Catalina, aplique a Atualização de Segurança 2021-003 Catalina ou posterior. Para versões da Atualização de Segurança anteriores à 2021-004 Mojave, aplique a Atualização de Segurança 2021-004 Mojave ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do macOS anteriores ao Big Sur 11.1 Versões da Atualização de Segurança anteriores à 2020-001 no Catalina Versões da Atualização de Segurança anteriores à 2020-007 no Mojave **Descrição** Foi corrigida uma falha de validação com uma lógica aprimorada, que permitia que um aplicativo potencialmente executasse código arbitrário com privilégios de kernel. **Recomendações** Para o macOS Big Sur, atualize para a versão 11.1 ou posterior. Para o macOS Catalina, aplique a Atualização de Segurança 2020-001 ou posterior. Para o macOS Mojave, aplique a Atualização de Segurança 2020-007 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do macOS Mojave anteriores à 10.14.5 Versões da Atualização de Segurança anteriores à 2019-003 High Sierra Versões da Atualização de Segurança anteriores à 2019-003 Sierra Versões do watchOS anteriores à 5.2 macOS Mojave versão 10.14.4 Versões da Atualização de Segurança anteriores à 2019-002 High Sierra Versões da Atualização de Segurança anteriores à 2019-002 Sierra Versões do iOS anteriores à 12.2 **Descrição** Um problema de corrupção de memória foi corrigido com um gerenciamento de estado aprimorado, permitindo que um aplicativo pudesse executar código arbitrário com privilégios de kernel. **Recomendações** Para versões do macOS Mojave anteriores à 10.14.5, atualize para o macOS Mojave 10.14.5. Para versões da Atualização de Segurança anteriores à 2019-003 High Sierra, aplique a Atualização de Segurança 2019-003. Para versões da Atualização de Segurança anteriores à 2019-003 Sierra, aplique a Atualização de Segurança 2019-003. Para versões do watchOS anteriores à 5.2, atualize para o watchOS 5.2. Para a versão 10.14.4 do macOS Mojave, atualize para o macOS Mojave 10.14.5. Para versões da Atualização de Segurança anteriores à 2019-002 High Sierra, aplique a Atualização de Segurança 2019-003. Para versões da Atualização de Segurança anteriores à 2019-002 Sierra, aplique a Atualização de Segurança 2019-003. Para versões do iOS anteriores à 12.2, atualize para o iOS 12.2.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.4 **Description** A buffer overflow issue was addressed through improved size validation, which could allow a malicious application to execute arbitrary code with kernel privileges. **Recommendations** For versions prior to 10.14.4, update to macOS Mojave 10.14.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.6 **Description** An information disclosure issue was addressed by removing the vulnerable code. **Recommendations** For versions prior to 10.13.6, update to macOS High Sierra 10.13.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.1.3 macOS Mojave versions prior to 10.14.3 tvOS versions prior to 12.1.2 watchOS versions prior to 5.1.3 **Description** A memory initialization issue was addressed with improved memory handling. A malicious application may be able to break out of its sandbox. **Recommendations** For iOS versions prior to 12.1.3, update to iOS 12.1.3 or later. For macOS Mojave versions prior to 10.14.3, update to macOS Mojave 10.14.3 or later. For tvOS versions prior to 12.1.2, update to tvOS 12.1.2 or later. For watchOS versions prior to 5.1.3, update to watchOS 5.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 12.1.3 Apple tvOS versions prior to 12.1.2 Apple watchOS versions prior to 5.1.3 Apple Safari versions prior to 12.0.3 Apple iTunes for Windows versions prior to 12.9.3 Apple iCloud for Windows versions prior to 7.10 **Description** The issue is related to memory corruption and can be triggered by processing maliciously crafted web content, potentially leading to arbitrary code execution. It is caused by a buffer overflow in the WebKit display module. A remote attacker can exploit this issue using a specially crafted web page, allowing for remote code execution. **Recommendations** For iOS versions prior to 12.1.3, update to iOS 12.1.3 or later. For tvOS versions prior to 12.1.2, update to tvOS 12.1.2 or later. For watchOS versions prior to 5.1.3, update to watchOS 5.1.3 or later. For Safari versions prior to 12.0.3, update to Safari 12.0.3 or later. For iTunes for Windows versions prior to 12.9.3, update to iTunes 12.9.3 or later. For iCloud for Windows versions prior to 7.10, update to iCloud for Windows 7.10 or later.

**Name of the Vulnerable Software and Affected Versions** macOS High Sierra versions prior to 10.13.5 **Description** An out-of-bounds read issue was addressed through improved input validation. **Recommendations** For versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS High Sierra versions prior to 10.13.5 **Description** An out-of-bounds read issue was addressed through improved input validation. **Recommendations** For macOS High Sierra versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS High Sierra versions prior to 10.13.5 **Description** A buffer overflow issue was addressed through improved bounds checking. **Recommendations** For versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS High Sierra versions prior to 10.13.5 **Description** A buffer overflow issue was addressed through improved size validation. **Recommendations** For versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS High Sierra versions prior to 10.13.5 **Description** An input validation issue existed in the kernel, which has been addressed with improved input validation. **Recommendations** For macOS High Sierra versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.5 **Description** The issue is related to an out-of-bounds read operation in the AMD component of the operating system, which can be exploited by a local user using a specially crafted application. This can lead to a denial of service or allow bypassing intended memory-read restrictions. **Recommendations** For macOS versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.5 **Description** The issue involves the `Bluetooth` component and allows attackers to obtain sensitive kernel memory-layout information via a crafted app that leverages device properties. It is related to an incorrect implementation of security mechanisms in the Bluetooth component, which can be exploited to disclose protected information about the kernel memory layout. **Recommendations** For macOS versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue. As a temporary workaround, consider disabling the Bluetooth component until a patch is available. Restrict access to sensitive device properties to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 11 macOS versions prior to 10.13 tvOS versions prior to 11 watchOS versions prior to 4 Description: The issue involves the Kernel component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service via a crafted app, resulting in memory corruption. Recommendations: For iOS versions prior to 11, update to version 11 or later. For macOS versions prior to 10.13, update to version 10.13 or later. For tvOS versions prior to 11, update to version 11 or later. For watchOS versions prior to 4, update to version 4 or later.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.12.6 Description: The issue involves the `AppleGraphicsControl` component, allowing attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Recommendations: For versions prior to 10.12.6, update to version 10.12.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.3 macOS versions prior to 10.12.6 tvOS versions prior to 10.2.2 watchOS versions prior to 3.2.3 **Description** The issue involves the "IOUSBFamily" component and is caused by a buffer overflow in memory. This allows an attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a specially crafted app. **Recommendations** For iOS versions prior to 10.3.3, update to version 10.3.3 or later to resolve the issue. For macOS versions prior to 10.12.6, update to version 10.12.6 or later to resolve the issue. For tvOS versions prior to 10.2.2, update to version 10.2.2 or later to resolve the issue. For watchOS versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.6 **Description** The issue is caused by a buffer overflow in the Intel Graphics Driver component of the operating system, allowing a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) using a specially crafted application. **Recommendations** For macOS versions prior to 10.12.6, update to version 10.12.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.6 **Description** The issue involves the `Intel Graphics Driver` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This is caused by a buffer overflow in memory, which can be exploited by a remote attacker to achieve the aforementioned effects. **Recommendations** For macOS versions prior to 10.12.6, update to version 10.12.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `Intel Graphics Driver` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.6 **Description** The issue involves the Intel Graphics Driver component and allows attackers to bypass intended memory-read restrictions via a crafted app. **Recommendations** For macOS versions prior to 10.12.6, update to version 10.12.6 or later to resolve the issue.