Adam Donenfeld

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.2 macOS Mojave versions prior to 10.14.4 tvOS versions prior to 12.2 watchOS versions prior to 5.2 **Description** A memory corruption issue was addressed with improved state management. A local user may be able to cause unexpected system termination or read kernel memory. **Recommendations** For iOS versions prior to 12.2, update to iOS 12.2 or later. For macOS Mojave versions prior to 10.14.4, update to macOS Mojave 10.14.4 or later. For tvOS versions prior to 12.2, update to tvOS 12.2 or later. For watchOS versions prior to 5.2, update to watchOS 5.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4.1 tvOS versions prior to 11.4.1 watchOS versions prior to 4.3.2 **Description** An out-of-bounds read issue existed, leading to the disclosure of kernel memory. This issue was addressed with improved input validation. **Recommendations** For iOS versions prior to 11.4.1, update to iOS 11.4.1 or later. For tvOS versions prior to 11.4.1, update to tvOS 11.4.1 or later. For watchOS versions prior to 4.3.2, update to watchOS 4.3.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.2.5 tvOS versions prior to 11.2.5 watchOS versions prior to 4.2.2 **Description** The issue involves the `Graphics Driver` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. **Recommendations** For iOS versions prior to 11.2.5, update to version 11.2.5 or later. For tvOS versions prior to 11.2.5, update to version 11.2.5 or later. For watchOS versions prior to 4.2.2, update to version 4.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.2 tvOS versions prior to 10.2.1 watchOS versions prior to 3.2.2 **Description** The issue involves the `AVEVideoEncoder` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This is caused by a buffer overflow in memory, which can be exploited by a remote attacker to achieve the aforementioned effects. **Recommendations** For iOS versions prior to 10.3.2, update to version 10.3.2 or later to resolve the issue. For tvOS versions prior to 10.2.1, update to version 10.2.1 or later to resolve the issue. For watchOS versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue. As a temporary workaround, consider disabling the `AVEVideoEncoder` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.2 tvOS versions prior to 10.2.1 watchOS versions prior to 3.2.2 **Description** The issue involves the `AVEVideoEncoder` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This is caused by a buffer overflow in memory, which can be exploited by a remote attacker to achieve the aforementioned effects. **Recommendations** For iOS versions prior to 10.3.2, update to version 10.3.2 or later to resolve the issue. For tvOS versions prior to 10.2.1, update to version 10.2.1 or later to resolve the issue. For watchOS versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `AVEVideoEncoder` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.2 tvOS versions prior to 10.2.1 watchOS versions prior to 3.2.2 **Description** The issue is related to the AVEVideoEncoder component and involves a buffer overflow in memory, which can be exploited by a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) using a specially crafted app. **Recommendations** For iOS versions prior to 10.3.2, update to version 10.3.2 or later to resolve the issue. For tvOS versions prior to 10.2.1, update to version 10.2.1 or later to resolve the issue. For watchOS versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.2 tvOS versions prior to 10.2.1 watchOS versions prior to 3.2.2 **Description** The issue involves the AVEVideoEncoder component and is caused by a buffer overflow in memory. This allows a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a specially crafted app. **Recommendations** For iOS versions prior to 10.3.2, update to version 10.3.2 or later to resolve the issue. For tvOS versions prior to 10.2.1, update to version 10.2.1 or later to resolve the issue. For watchOS versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.2 tvOS versions prior to 10.2.1 watchOS versions prior to 3.2.2 **Description** The issue involves the `AVEVideoEncoder` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This is caused by a buffer overflow in memory, which can be exploited by a remote attacker to achieve the aforementioned effects. **Recommendations** For iOS versions prior to 10.3.2, update to version 10.3.2 or later to resolve the issue. For tvOS versions prior to 10.2.1, update to version 10.2.1 or later to resolve the issue. For watchOS versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue. As a temporary workaround, consider disabling the `AVEVideoEncoder` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.2 tvOS versions prior to 10.2.1 watchOS versions prior to 3.2.2 **Description** The issue involves the AVEVideoEncoder component and is caused by a buffer overflow in memory. This allows a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a specially crafted app. **Recommendations** For iOS versions prior to 10.3.2, update to version 10.3.2 or later to resolve the issue. For tvOS versions prior to 10.2.1, update to version 10.2.1 or later to resolve the issue. For watchOS versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.2 macOS versions prior to 10.12.5 tvOS versions prior to 10.2.1 watchOS versions prior to 3.2.2 **Description** The issue involves the `IOSurface` component and is related to insufficient access control. A race condition in this component allows attackers to execute arbitrary code in a privileged context via a crafted app. This can be exploited by a remote attacker to gain privileged access. **Recommendations** For iOS versions prior to 10.3.2, update to version 10.3.2 or later to resolve the issue. For macOS versions prior to 10.12.5, update to version 10.12.5 or later to resolve the issue. For tvOS versions prior to 10.2.1, update to version 10.2.1 or later to resolve the issue. For watchOS versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `IOSurface` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.2 tvOS versions prior to 10.2.1 watchOS versions prior to 3.2.2 **Description** The issue involves the `AVEVideoEncoder` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This is caused by a buffer overflow in memory, which can be exploited by a remote attacker to achieve the aforementioned effects. **Recommendations** For iOS versions prior to 10.3.2, update to version 10.3.2 or later to resolve the issue. For tvOS versions prior to 10.2.1, update to version 10.2.1 or later to resolve the issue. For watchOS versions prior to 3.2.2, update to version 3.2.2 or later to resolve the issue. As a temporary workaround, consider disabling the `AVEVideoEncoder` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Android versions prior to 2016-08-05 **Description** The issue allows attackers to gain privileges via a crafted application. This affects devices including Nexus 5, 5X, 6, 6P, and 7 (2013). **Recommendations** For Android versions prior to 2016-08-05, update to a version released after 2016-08-05 to resolve the issue.