0Xjprx

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Sonoma 14.8.2 macOS versions prior to Sequoia 15.7.2 **Description** A use after free issue existed due to improper memory management. This could allow an application to cause unexpected system termination. **Recommendations** Update to macOS Sonoma version 14.8.2 or later. Update to macOS Sequoia version 15.7.2 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.5 macOS Sonoma versions prior to 14.7.6 **Description** The issue was addressed with improved memory handling. Connecting to a malicious AFP server may corrupt kernel memory. **Recommendations** For macOS versions prior to 15.5, update to macOS Sequoia 15.5 to resolve the issue. For macOS Sonoma versions prior to 14.7.6, update to macOS Sonoma 14.7.6 to resolve the issue. As a temporary workaround, consider restricting access to AFP servers to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 14.7.3 iPadOS versions prior to 17.7.4 macOS Sequoia versions prior to 15.3 **Description** The issue is a race condition within the `kauth cred proc update()` function of the macOS and iPadOS kernel. This race condition, stemming from improper synchronization when sharing a resource, can lead to out-of-bounds writes in memory. Successful exploitation may allow a remote attacker to cause a denial of service or potentially gain unauthorized access. The issue was addressed through improved memory handling. Reports indicate the potential for applications to cause unexpected system termination or write to kernel memory. **Recommendations** Update macOS to version 14.7.3 or later. Update iPadOS to version 17.7.4 or later. Update macOS Sequoia to version 15.3 or later.

Name of the Vulnerable Software and Affected Versions: iPadOS versions prior to 17.7.3 watchOS versions prior to 11.2 tvOS versions prior to 18.2 macOS Sequoia versions prior to 15.2 iOS versions prior to 18.2 iPadOS versions prior to 18.2 macOS Ventura versions prior to 13.7.2 macOS Sonoma versions prior to 14.7.2 Description: A race condition was addressed with improved locking, which may have allowed an application to leak sensitive kernel state information. Recommendations: For iPadOS versions prior to 17.7.3, update to iPadOS 17.7.3. For watchOS versions prior to 11.2, update to watchOS 11.2. For tvOS versions prior to 18.2, update to tvOS 18.2. For macOS Sequoia versions prior to 15.2, update to macOS Sequoia 15.2. For iOS versions prior to 18.2, update to iOS 18.2. For iPadOS versions prior to 18.2, update to iPadOS 18.2. For macOS Ventura versions prior to 13.7.2, update to macOS Ventura 13.7.2. For macOS Sonoma versions prior to 14.7.2, update to macOS Sonoma 14.7.2.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.2 iOS versions prior to 18.2 iPadOS versions prior to 18.2 **Description** A type confusion issue was addressed with improved memory handling. An attacker with user privileges may be able to read kernel memory due to information leakage caused by an initial 4-byte load in the XNU kernel. **Recommendations** For macOS versions prior to 15.2, update to macOS Sequoia 15.2 to resolve the issue. For iOS versions prior to 18.2, update to iOS 18.2 to resolve the issue. For iPadOS versions prior to 18.2, update to iPadOS 18.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS Ventura versions prior to 13.6.7 macOS Monterey versions prior to 12.7.5 iOS versions prior to 16.7.8 iPadOS versions prior to 16.7.8 tvOS versions prior to 17.5 visionOS versions prior to 1.2 iOS versions prior to 17.5 iPadOS versions prior to 17.5 watchOS versions prior to 10.5 **Description** The issue was addressed with improved memory handling. An attacker that has already achieved kernel code execution may be able to bypass kernel memory protections. **Recommendations** For macOS Ventura versions prior to 13.6.7, update to macOS Ventura 13.6.7. For macOS Monterey versions prior to 12.7.5, update to macOS Monterey 12.7.5. For iOS versions prior to 16.7.8, update to iOS 16.7.8. For iPadOS versions prior to 16.7.8, update to iPadOS 16.7.8. For tvOS versions prior to 17.5, update to tvOS 17.5. For visionOS versions prior to 1.2, update to visionOS 1.2. For iOS versions prior to 17.5, update to iOS 17.5. For iPadOS versions prior to 17.5, update to iPadOS 17.5. For watchOS versions prior to 10.5, update to watchOS 10.5.

**Name of the Vulnerable Software and Affected Versions** tvOS versions prior to 17.5 visionOS versions prior to 1.2 iOS versions prior to 17.5 iPadOS versions prior to 17.5 watchOS versions prior to 10.5 macOS Sonoma versions prior to 14.5 **Description** An out-of-bounds write issue was addressed with improved input validation, allowing an app to potentially execute arbitrary code with kernel privileges. The issue is related to a buffer overflow in the XNU kernel, specifically in the `sbconcat mbufs` function, where ` MSIZE` was used instead of `MLEN`. **Recommendations** For tvOS versions prior to 17.5, update to tvOS 17.5 or later. For visionOS versions prior to 1.2, update to visionOS 1.2 or later. For iOS versions prior to 17.5, update to iOS 17.5 or later. For iPadOS versions prior to 17.5, update to iPadOS 17.5 or later. For watchOS versions prior to 10.5, update to watchOS 10.5 or later. For macOS Sonoma versions prior to 14.5, update to macOS Sonoma 14.5 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Sonoma 14 iOS versions prior to 17 iPadOS versions prior to 17 **Description** A type confusion issue in the kernel of macOS, iOS, and iPadOS allows a remote user to execute arbitrary code. This issue is related to an error in type conversion. The estimated number of potentially affected devices is not specified. **Recommendations** For macOS versions prior to Sonoma 14, update to macOS Sonoma 14 or later. For iOS versions prior to 17, update to iOS 17 or later. For iPadOS versions prior to 17, update to iPadOS 17 or later.