Wen Xu

**Nome do software vulnerável e versões afetadas** Versões do iOS anteriores à 13.6 Versões do iPadOS anteriores à 13.6 Versões do tvOS anteriores à 13.4.8 Versões do watchOS anteriores à 6.2.8 Versões do Safari anteriores à 13.1.2 Versões do iTunes para Windows anteriores à 12.10.8 Versões do iCloud para Windows anteriores à 11.3 e 7.20 **Descrição** Um problema de uso após liberação de memória foi corrigido com o aprimoramento do gerenciamento de memória. Um invasor remoto pode ser capaz de causar o encerramento inesperado do aplicativo ou a execução de código arbitrário. **Recomendações** Para versões do iOS anteriores à 13.6, atualize para o iOS 13.6 ou posterior. Para versões do iPadOS anteriores à 13.6, atualize para o iPadOS 13.6 ou posterior. Para versões do tvOS anteriores à 13.4.8, atualize para o tvOS 13.4.8 ou posterior. Para versões do watchOS anteriores à 6.2.8, atualize para o watchOS 6.2.8 ou posterior. Para versões do Safari anteriores à 13.1.2, atualize para o Safari 13.1.2 ou posterior. Para versões do iTunes para Windows anteriores à 12.10.8, atualize para o iTunes 12.10.8 ou posterior. Para versões do iCloud para Windows anteriores à 11.3 e 7.20, atualize para o iCloud para Windows 11.3 ou 7.20 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do iOS anteriores à 13.5 Versões do iPadOS anteriores à 13.5 Versões do tvOS anteriores à 13.4.5 Versões do watchOS anteriores à 6.2.5 Versões do Safari anteriores à 13.1.1 Versões do iTunes para Windows anteriores à 12.10.7 Versões do iCloud para Windows anteriores à 11.2 e 7.19 **Descrição** Um problema de corrupção de memória foi resolvido com o aprimoramento do gerenciamento de estado. O processamento de conteúdo da web criado de forma maliciosa pode levar à execução de código arbitrário. A vulnerabilidade está relacionada a um estouro de buffer no módulo WebKit, que pode ser explorado por um invasor remoto usando conteúdo da web malicioso. **Recomendações** Para versões do iOS anteriores à 13.5, atualize para o iOS 13.5 ou posterior. Para versões do iPadOS anteriores à 13.5, atualize para o iPadOS 13.5 ou posterior. Para versões do tvOS anteriores à 13.4.5, atualize para o tvOS 13.4.5 ou posterior. Para versões do watchOS anteriores à 6.2.5, atualize para o watchOS 6.2.5 ou posterior. Para versões do Safari anteriores à 13.1.1, atualize para o Safari 13.1.1 ou posterior. Para versões do iTunes para Windows anteriores à 12.10.7, atualize para o iTunes 12.10.7 ou posterior. Para versões do iCloud para Windows anteriores à 11.2 e 7.19, atualize para o iCloud para Windows 11.2 ou 7.19 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do Safari anteriores à 13.1.1 Versões do iOS anteriores à 13.5 Versões do iPadOS anteriores à 13.5 Versões do tvOS anteriores à 13.4.5 Versões do watchOS anteriores à 6.2.5 Versões do iTunes para Windows anteriores à 12.10.7 Versões do iCloud para Windows anteriores à 11.2 e 7.19 **Descrição** O problema está relacionado a uma falha de corrupção de memória no módulo WebKit, que pode ser explorada pelo processamento de conteúdo da web criado de forma maliciosa, levando potencialmente à execução de código arbitrário. Isso pode ser feito por um invasor remoto usando conteúdo da web prejudicial. **Recomendações** Para versões do Safari anteriores à 13.1.1, atualize para a versão 13.1.1 ou posterior. Para versões do iOS anteriores à 13.5, atualize para a versão 13.5 ou posterior. Para versões do iPadOS anteriores à 13.5, atualize para a versão 13.5 ou posterior. Para versões do tvOS anteriores à 13.4.5, atualize para a versão 13.4.5 ou posterior. Para versões do watchOS anteriores à 6.2.5, atualize para a versão 6.2.5 ou posterior. Para versões do iTunes para Windows anteriores à 12.10.7, atualize para a versão 12.10.7 ou posterior. Para versões do iCloud para Windows anteriores à 11.2 e 7.19, atualize para a versão 11.2 ou 7.19 ou posterior.

**Nome do software vulnerável e versões afetadas** Versões do iOS anteriores à 13.5 Versões do iPadOS anteriores à 13.5 Versões do tvOS anteriores à 13.4.5 Versões do watchOS anteriores à 6.2.5 Versões do Safari anteriores à 13.1.1 Versões do iTunes anteriores à 12.10.7 para Windows Versões do iCloud para Windows anteriores à 11.2 e 7.19 **Descrição** A vulnerabilidade está relacionada a um problema de corrupção de memória causado por um estouro de buffer, que pode ser desencadeado pelo processamento de conteúdo da web criado de forma maliciosa. Isso pode permitir que um invasor remoto execute código arbitrário no sistema alvo. **Recomendações** Para versões do iOS anteriores à 13.5, atualize para o iOS 13.5 ou posterior. Para versões do iPadOS anteriores à 13.5, atualize para o iPadOS 13.5 ou posterior. Para versões do tvOS anteriores à 13.4.5, atualize para o tvOS 13.4.5 ou posterior. Para versões do watchOS anteriores à 6.2.5, atualize para o watchOS 6.2.5 ou posterior. Para versões do Safari anteriores à 13.1.1, atualize para o Safari 13.1.1 ou posterior. Para versões do iTunes anteriores à 12.10.7 para Windows, atualize para o iTunes 12.10.7 para Windows ou posterior. Para versões do iCloud para Windows anteriores à 11.2 e 7.19, atualize para o iCloud para Windows 11.2 ou 7.19 ou posterior.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 macOS Mojave versions prior to 10.14.5 tvOS versions prior to 12.3 Safari versions prior to 12.1.1 iTunes for Windows versions prior to 12.9.5 iCloud for Windows versions prior to 7.12 **Description** The issue arises from multiple memory corruption problems that have been resolved through enhanced memory handling. Processing maliciously crafted web content may lead to arbitrary code execution. **Recommendations** Update to iOS 12.3 or later. Update to macOS Mojave 10.14.5 or later. Update to tvOS 12.3 or later. Update to Safari 12.1.1 or later. Update to iTunes for Windows 12.9.5 or later. Update to iCloud for Windows 7.12 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.2 iPadOS versions prior to 13.2 macOS Catalina versions prior to 10.15.1 tvOS versions prior to 13.2 watchOS versions prior to 6.1 **Description** A memory corruption issue was addressed with improved memory handling, which may allow an application to execute arbitrary code with kernel privileges. **Recommendations** For iOS versions prior to 13.2, update to iOS 13.2 or later. For iPadOS versions prior to 13.2, update to iPadOS 13.2 or later. For macOS Catalina versions prior to 10.15.1, update to macOS Catalina 10.15.1 or later. For tvOS versions prior to 13.2, update to tvOS 13.2 or later. For watchOS versions prior to 6.1, update to watchOS 6.1 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.2 tvOS versions prior to 12.2 Safari versions prior to 12.1 iTunes for Windows versions prior to 12.9.4 **Description** A memory corruption issue was addressed with improved validation, which could allow a sandboxed process to circumvent sandbox restrictions. **Recommendations** For iOS versions prior to 12.2, update to iOS 12.2 or later. For tvOS versions prior to 12.2, update to tvOS 12.2 or later. For Safari versions prior to 12.1, update to Safari 12.1 or later. For iTunes for Windows versions prior to 12.9.4, update to iTunes 12.9.4 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 79.0.3945.79 **Description** The issue is related to type confusion in JavaScript, which can be exploited by a remote attacker to potentially cause heap corruption via a crafted HTML page. This could allow the attacker to gain unauthorized access to confidential data, cause a denial of service, and impact data integrity. **Recommendations** For versions prior to 79.0.3945.79, update to version 79.0.3945.79 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 80.0.3987.87 **Description** The issue is related to type confusion in JavaScript, which can lead to heap corruption. A remote attacker can potentially exploit this issue via a crafted HTML page, allowing them to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For versions prior to 80.0.3987.87, update to version 80.0.3987.87 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 79.0.3945.79 **Description** The issue is related to a type confusion in JavaScript, which can lead to heap corruption. A remote attacker can potentially exploit this issue via a crafted HTML page, allowing unauthorized access to sensitive information and potentially disrupting its integrity and availability. **Recommendations** For versions prior to 79.0.3945.79, update to version 79.0.3945.79 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WebKitGTK (affected versions not specified) **Description** A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 tvOS versions prior to 12.4 Safari versions prior to 12.1.2 iTunes for Windows versions prior to 12.9.6 iCloud for Windows versions prior to 7.13 and 10.6 **Description** The issue is related to memory corruption and use after free, which may lead to arbitrary code execution when processing maliciously crafted web content. This can allow a remote attacker to execute arbitrary code. **Recommendations** For iOS versions prior to 12.4, update to iOS 12.4 or later. For macOS Mojave versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later. For tvOS versions prior to 12.4, update to tvOS 12.4 or later. For Safari versions prior to 12.1.2, update to Safari 12.1.2 or later. For iTunes for Windows versions prior to 12.9.6, update to iTunes for Windows 12.9.6 or later. For iCloud for Windows versions prior to 7.13 and 10.6, update to iCloud for Windows 7.13 or 10.6 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 tvOS versions prior to 12.4 watchOS versions prior to 5.3 Safari versions prior to 12.1.2 iTunes for Windows versions prior to 12.9.6 iCloud for Windows versions prior to 7.13 and 10.6 **Description** The issue is caused by a buffer overflow in memory, which may allow a remote attacker to execute arbitrary code using a specially crafted website. Processing maliciously crafted web content may lead to arbitrary code execution. **Recommendations** For iOS versions prior to 12.4, update to iOS 12.4 or later. For macOS Mojave versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later. For tvOS versions prior to 12.4, update to tvOS 12.4 or later. For watchOS versions prior to 5.3, update to watchOS 5.3 or later. For Safari versions prior to 12.1.2, update to Safari 12.1.2 or later. For iTunes for Windows versions prior to 12.9.6, update to iTunes for Windows 12.9.6 or later. For iCloud for Windows versions prior to 7.13 and 10.6, update to iCloud for Windows 7.13 or 10.6 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** An information disclosure issue exists due to the scripting engine's improper handling of objects in memory. This could allow a remote attacker to disclose protected information using a specially crafted web page. The attacker could obtain information to further compromise the user's system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 macOS Mojave versions prior to 10.14.5 tvOS versions prior to 12.3 Safari versions prior to 12.1.1 iTunes for Windows versions prior to 12.9.5 iCloud for Windows versions prior to 7.12 **Description** The issue is related to memory corruption and buffer overflow in memory, which may lead to arbitrary code execution when processing maliciously crafted web content. This can allow a remote attacker to execute arbitrary code. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 or later. For macOS Mojave versions prior to 10.14.5, update to macOS Mojave 10.14.5 or later. For tvOS versions prior to 12.3, update to tvOS 12.3 or later. For Safari versions prior to 12.1.1, update to Safari 12.1.1 or later. For iTunes for Windows versions prior to 12.9.5, update to iTunes for Windows 12.9.5 or later. For iCloud for Windows versions prior to 7.12, update to iCloud for Windows 7.12 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 macOS Mojave versions prior to 10.14.5 tvOS versions prior to 12.3 Safari versions prior to 12.1.1 iTunes for Windows versions prior to 12.9.5 iCloud for Windows versions prior to 7.12 **Description** The issue is related to multiple memory corruption problems, which can be exploited by processing maliciously crafted web content, potentially leading to arbitrary code execution. Exploitation of these issues may allow a remote attacker to execute arbitrary code using a specially crafted website. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 or later. For macOS Mojave versions prior to 10.14.5, update to macOS Mojave 10.14.5 or later. For tvOS versions prior to 12.3, update to tvOS 12.3 or later. For Safari versions prior to 12.1.1, update to Safari 12.1.1 or later. For iTunes for Windows versions prior to 12.9.5, update to iTunes for Windows 12.9.5 or later. For iCloud for Windows versions prior to 7.12, update to iCloud for Windows 7.12 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 macOS Mojave versions prior to 10.14.5 tvOS versions prior to 12.3 Safari versions prior to 12.1.1 iTunes for Windows versions prior to 12.9.5 iCloud for Windows versions prior to 7.12 **Description** The issue is related to multiple memory corruption problems, which can be exploited by processing maliciously crafted web content, potentially leading to arbitrary code execution. Exploitation of these issues may allow a remote attacker to execute arbitrary code using a specially crafted website. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 or later. For macOS Mojave versions prior to 10.14.5, update to macOS Mojave 10.14.5 or later. For tvOS versions prior to 12.3, update to tvOS 12.3 or later. For Safari versions prior to 12.1.1, update to Safari 12.1.1 or later. For iTunes for Windows versions prior to 12.9.5, update to iTunes for Windows 12.9.5 or later. For iCloud for Windows versions prior to 7.12, update to iCloud for Windows 7.12 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 74.0.3729.108 **Description** The issue is related to an integer overflow in the ANGLE library of Google Chrome, which could allow a remote attacker to exploit heap corruption via a crafted HTML page. This could potentially lead to data integrity issues, unauthorized access to protected information, and denial of service. **Recommendations** For versions prior to 74.0.3729.108, update to version 74.0.3729.108 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge and Internet Explorer (affected versions not specified) **Description** A remote code execution issue exists due to errors in handling objects in memory by the scripting engine in Microsoft browsers. This could allow a remote attacker to execute arbitrary code in the context of the current user, potentially gaining the same user rights as the current user. If the current user has administrative rights, the attacker could take control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.1.3 tvOS versions prior to 12.1.2 Safari versions prior to 12.0.3 iTunes versions prior to 12.9.3 for Windows iCloud for Windows versions prior to 7.10 **Description** The issue is caused by a buffer overflow in memory, which may lead to arbitrary code execution when processing maliciously crafted web content. This can allow a remote attacker to execute arbitrary code using a specially crafted website. **Recommendations** For iOS versions prior to 12.1.3, update to iOS 12.1.3 or later. For tvOS versions prior to 12.1.2, update to tvOS 12.1.2 or later. For Safari versions prior to 12.0.3, update to Safari 12.0.3 or later. For iTunes versions prior to 12.9.3 for Windows, update to iTunes 12.9.3 or later for Windows. For iCloud for Windows versions prior to 7.10, update to iCloud for Windows 7.10 or later.