이준성

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 18.3 iPadOS versions prior to 18.3 Description: A logic issue was addressed with improved checks, allowing photos in the Hidden Photos Album to be viewed without authentication. Recommendations: For iOS versions prior to 18.3, update to iOS 18.3 to resolve the issue. For iPadOS versions prior to 18.3, update to iPadOS 18.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 17.1 iOS versions prior to 17.1 iOS versions prior to 16.7.2 iPadOS versions prior to 17.1 iPadOS versions prior to 16.7.2 watchOS versions prior to 10.1 tvOS versions prior to 17.1 macOS Sonoma versions prior to 14.1 **Description** A use-after-free issue was addressed with improved memory management. Processing web content may lead to arbitrary code execution. The issue is related to the WebKit browser's web page display modules and is associated with the use of memory after it has been freed. Exploitation of the issue may allow a remote attacker to execute arbitrary code. **Recommendations** For Safari versions prior to 17.1, update to Safari 17.1 or later. For iOS versions prior to 17.1, update to iOS 17.1 or later. For iOS versions prior to 16.7.2, update to iOS 16.7.2 or later. For iPadOS versions prior to 17.1, update to iPadOS 17.1 or later. For iPadOS versions prior to 16.7.2, update to iPadOS 16.7.2 or later. For watchOS versions prior to 10.1, update to watchOS 10.1 or later. For tvOS versions prior to 17.1, update to tvOS 17.1 or later. For macOS Sonoma versions prior to 14.1, update to macOS Sonoma 14.1 or later.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 17.1 iOS versions prior to 17.1 iOS versions prior to 16.7.2 iPadOS versions prior to 17.1 iPadOS versions prior to 16.7.2 watchOS versions prior to 10.1 tvOS versions prior to 17.1 macOS Sonoma versions prior to 14.1 **Description** The issue is related to a buffer overflow in the WebKit browser's web page display modules, which can lead to arbitrary code execution when processing web content. This can allow a remote attacker to execute arbitrary code. **Recommendations** For Safari version prior to 17.1, update to Safari 17.1 to resolve the issue. For iOS version prior to 17.1, update to iOS 17.1 to resolve the issue. For iOS version prior to 16.7.2, update to iOS 16.7.2 to resolve the issue. For iPadOS version prior to 17.1, update to iPadOS 17.1 to resolve the issue. For iPadOS version prior to 16.7.2, update to iPadOS 16.7.2 to resolve the issue. For watchOS version prior to 10.1, update to watchOS 10.1 to resolve the issue. For tvOS version prior to 17.1, update to tvOS 17.1 to resolve the issue. For macOS Sonoma version prior to 14.1, update to macOS Sonoma 14.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS Ventura versions prior to 13.6 tvOS versions prior to 17 iOS versions prior to 16.7 iPadOS versions prior to 16.7 macOS Monterey versions prior to 12.7 watchOS versions prior to 10 iOS versions prior to 17 iPadOS versions prior to 17 macOS Sonoma versions prior to 14 **Description** The issue was addressed with improved memory handling. Processing web content may lead to a denial-of-service. **Recommendations** For macOS Ventura versions prior to 13.6, update to macOS Ventura 13.6. For tvOS versions prior to 17, update to tvOS 17. For iOS versions prior to 16.7, update to iOS 16.7. For iPadOS versions prior to 16.7, update to iPadOS 16.7. For macOS Monterey versions prior to 12.7, update to macOS Monterey 12.7. For watchOS versions prior to 10, update to watchOS 10. For iOS versions prior to 17, update to iOS 17. For iPadOS versions prior to 17, update to iPadOS 17. For macOS Sonoma versions prior to 14, update to macOS Sonoma 14.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 115.0.1 Thunderbird versions prior to 102.13.1 **Description** The issue exists due to the incorrect handling of the Unicode character for text direction override in filenames. This could allow a remote attacker to conduct spoofing attacks by making an executable file appear as a document file. **Recommendations** For versions prior to 115.0.1, update to version 115.0.1 or later to resolve the issue. For versions prior to 102.13.1, update to version 102.13.1 or later to resolve the issue. As a temporary workaround, consider disabling the handling of the Text Direction Override Unicode Character in filenames until a patch is available.