Wenchao Li

Nome do software vulnerável e versões afetadas: versões do visionOS anteriores à 2.1 versões do iOS anteriores à 18.1 versões do iPadOS anteriores à 18.1 versões do iOS anteriores à 17.7.1 versões do iPadOS anteriores à 17.7.1 versões do tvOS anteriores à 18.1 versões do macOS Sonoma anteriores à 14.7.1 Versões do watchOS anteriores à 11.1 Versões do macOS Ventura anteriores à 13.7.1 Descrição: Um problema de negação de serviço foi corrigido com a validação aprimorada de entradas. Um invasor remoto pode ser capaz de causar uma negação de serviço. Recomendações: Atualize para o visionOS 2.1 ou posterior. Atualize para o iOS 18.1 ou posterior. Atualize para o iPadOS 18.1 ou posterior. Atualize para o iOS 17.7.1 ou posterior. Atualize para o iPadOS 17.7.1 ou posterior. Atualize para o tvOS 18.1 ou posterior. Atualize para o macOS Sonoma 14.7.1 ou posterior. Atualize para o watchOS 11.1 ou posterior. Atualize para o macOS Ventura 13.7.1 ou posterior.

**Name of the Vulnerable Software and Affected Versions** exempi versions 2.5.0 and earlier **Description** The issue is related to a Buffer Overflow vulnerability in the `ID3 Support::ID3v2Frame::getFrameValue` function. This vulnerability can be exploited by remote attackers to cause a denial of service via the opening of a crafted audio file with an ID3V2 frame. The vulnerability is associated with a buffer overflow in memory, which can be triggered by a specially crafted audio file. **Recommendations** For exempi versions 2.5.0 and earlier, consider updating to a version that contains a fix for this issue, as no specific workaround or mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** exempi versions 2.5.0 and earlier **Description** The issue allows remote attackers to cause a denial of service via the opening of crafted webp files. This is due to a Buffer Overflow vulnerability in the WEBP Support.cpp file. **Recommendations** For versions 2.5.0 and earlier, consider disabling the processing of webp files until a patch is available to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS Ventura versions prior to 13.5 **Description** The issue allows an app to bypass Privacy preferences. It was addressed with improved checks. **Recommendations** For macOS Ventura versions prior to 13.5, update to macOS Ventura 13.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 9.5 iOS versions prior to 15.7.6 and prior to 16.5 iPadOS versions prior to 15.7.6 and prior to 16.5 macOS versions prior to Ventura 13.4 **Description** The issue is related to insufficient warnings about dangerous actions, which may allow an attacker to bypass existing security restrictions. A shortcut may be able to use sensitive data with certain actions without prompting the user. **Recommendations** For watchOS versions prior to 9.5, update to watchOS 9.5 or later. For iOS versions prior to 15.7.6, update to iOS 15.7.6 or later. For iOS versions prior to 16.5, update to iOS 16.5 or later. For iPadOS versions prior to 15.7.6, update to iPadOS 15.7.6 or later. For iPadOS versions prior to 16.5, update to iPadOS 16.5 or later. For macOS versions prior to Ventura 13.4, update to macOS Ventura 13.4 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 15.7.6 iPadOS versions prior to 15.7.6 macOS Big Sur versions prior to 11.7.7 macOS Monterey versions prior to 12.6.6 macOS Ventura versions prior to 13.4 **Description** A logic issue was addressed with improved state management, which may allow an app to modify protected parts of the file system. **Recommendations** For iOS versions prior to 15.7.6, update to iOS 15.7.6 or later. For iPadOS versions prior to 15.7.6, update to iPadOS 15.7.6 or later. For macOS Big Sur versions prior to 11.7.7, update to macOS Big Sur 11.7.7 or later. For macOS Monterey versions prior to 12.6.6, update to macOS Monterey 12.6.6 or later. For macOS Ventura versions prior to 13.4, update to macOS Ventura 13.4 or later.

**Name of the Vulnerable Software and Affected Versions** macOS Ventura versions prior to 13.3 macOS Monterey versions prior to 12.6.4 iOS versions prior to 16.4 iOS versions prior to 15.7.4 iPadOS versions prior to 16.4 iPadOS versions prior to 15.7.4 tvOS versions prior to 16.4 watchOS versions prior to 9.4 **Description** The issue allows a shortcut to use sensitive data with certain actions without prompting the user. This was addressed with additional permissions checks. **Recommendations** For macOS Ventura versions prior to 13.3, update to macOS Ventura 13.3. For macOS Monterey versions prior to 12.6.4, update to macOS Monterey 12.6.4. For iOS versions prior to 16.4, update to iOS 16.4. For iOS versions prior to 15.7.4, update to iOS 15.7.4. For iPadOS versions prior to 16.4, update to iPadOS 16.4. For iPadOS versions prior to 15.7.4, update to iPadOS 15.7.4. For tvOS versions prior to 16.4, update to tvOS 16.4. For watchOS versions prior to 9.4, update to watchOS 9.4.

**Name of the Vulnerable Software and Affected Versions** macOS Ventura versions prior to 13.2.1 **Description** The issue is related to insecure temporary files in the Shortcuts component of macOS Ventura, which may allow an attacker to access confidential information. This privacy issue can be exploited by an app to observe unprotected user data due to improper handling of temporary files. **Recommendations** For macOS Ventura versions prior to 13.2.1, update to version 13.2.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive data until the update is applied.

**Nome do software vulnerável e versões afetadas** Versões do Apple iOS anteriores à 13.5 Versões do Apple iPadOS anteriores à 13.5 Versões do Apple macOS Catalina anteriores à 10.15.5 Versões do Apple tvOS anteriores à 13.4.5 Versões do Apple watchOS anteriores à 6.2.5 Versões do Apple iTunes para Windows anteriores à 12.10.7 Versões do Apple iCloud para Windows anteriores à 11.2 e 7.19 **Descrição** O problema está relacionado a uma falha de gravação fora dos limites, que foi corrigida com uma verificação de limites aprimorada. O processamento de uma imagem criada de forma maliciosa pode levar à execução de código arbitrário. A vulnerabilidade pode ser explorada por um invasor remoto para executar código arbitrário. **Recomendações** Para versões do iOS anteriores à 13.5, atualize para o iOS 13.5 ou posterior. Para versões do iPadOS anteriores à 13.5, atualize para o iPadOS 13.5 ou posterior. Para versões do macOS Catalina anteriores à 10.15.5, atualize para o macOS Catalina 10.15.5 ou posterior. Para versões do tvOS anteriores à 13.4.5, atualize para o tvOS 13.4.5 ou posterior. Para versões do watchOS anteriores à 6.2.5, atualize para o watchOS 6.2.5 ou posterior. Para versões do iTunes para Windows anteriores à 12.10.7, atualize para o iTunes 12.10.7 ou posterior. Para versões do iCloud para Windows anteriores à 11.2 e 7.19, atualize para o iCloud para Windows 11.2 ou posterior e 7.19 ou posterior.