Alex Radocea

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 visionOS versions prior to 26.5 **Description** A race condition occurs when the system attempts to perform two or more operations at the same time, but because of the nature of the device, the operations must be done in the correct sequence to be done correctly. This issue may allow an app to access sensitive user data. **Recommendations** Update iOS to version 18.7.9 or 26.5. Update iPadOS to version 18.7.9 or 26.5. Update macOS Sequoia to version 15.7.7. Update macOS Sonoma to version 14.8.7. Update macOS Tahoe to version 26.5. Update visionOS to version 26.5.

**Name of the Vulnerable Software and Affected Versions** macOS Sequoia versions prior to 15.7.7 macOS Tahoe versions prior to 26.5 **Description** A buffer overflow, which occurs when data exceeds the allocated memory boundary, was addressed with improved bounds checking. A remote attacker may be able to cause unexpected system termination. **Recommendations** Update macOS Sequoia to version 15.7.7. Update macOS Tahoe to version 26.5.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 watchOS versions prior to 26.5 **Description** A use-after-free issue—a memory corruption flaw where a program continues to use a pointer after it has been freed—exists in the Wi-Fi component. This flaw is pre-authentication and requires no user interaction. An attacker in a privileged network position can exploit this by sending crafted Wi-Fi packets to cause a denial-of-service attack. **Recommendations** Update iOS to version 18.7.9 or 26.5 Update iPadOS to version 18.7.9 or 26.5 Update macOS Sequoia to version 15.7.7 Update macOS Sonoma to version 14.8.7 Update macOS Tahoe to version 26.5 Update tvOS to version 26.5 Update watchOS to version 26.5

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5 **Description** A race condition occurs when the timing or sequence of events is not properly controlled, which could allow an app to access sensitive user data. This issue was addressed by implementing additional validation. **Recommendations** Update iOS to version 26.5 Update iPadOS to version 26.5 Update macOS Sequoia to version 15.7.7 Update macOS Sonoma to version 14.8.7 Update macOS Tahoe to version 26.5 Update tvOS to version 26.5 Update visionOS to version 26.5 Update watchOS to version 26.5

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.7 iOS versions prior to 26.4 iPadOS versions prior to 18.7.7 iPadOS versions prior to 26.4 macOS Sequoia versions prior to 15.7.5 macOS Sonoma versions prior to 14.8.5 macOS Tahoe versions prior to 26.4 tvOS versions prior to 26.4 visionOS versions prior to 26.4 watchOS versions prior to 26.4 **Description** A local attacker may be able to modify the state of the Keychain due to insufficient input validation. **Recommendations** Update iOS to version 18.7.7 or 26.4 Update iPadOS to version 18.7.7 or 26.4 Update macOS Sequoia to version 15.7.5 Update macOS Sonoma to version 14.8.5 Update macOS Tahoe to version 26.4 Update tvOS to version 26.4 Update visionOS to version 26.4 Update watchOS to version 26.4

**Name of the Vulnerable Software and Affected Versions** visionOS versions prior to 26.1 macOS Sonoma versions prior to 14.8.2 macOS Sequoia versions prior to 15.7.2 watchOS versions prior to 26.1 iOS versions prior to 26.1 iPadOS versions prior to 26.1 tvOS versions prior to 26.1 **Description** A sandboxed application may be able to observe system-wide network connections due to insufficient restrictions. **Recommendations** Update visionOS to version 26.1. Update macOS Sonoma to version 14.8.2. Update macOS Sequoia to version 15.7.2. Update watchOS to version 26.1. Update iOS to version 26.1. Update iPadOS to version 26.1. Update tvOS to version 26.1.

**Name of the Vulnerable Software and Affected Versions** vixie cron versions prior to 9cc8ab1 OpenBSD versions 7.4 and 7.5 **Description** The issue allows a heap-based buffer underflow and memory corruption in cron/entry.c. This was introduced during a May 2023 refactoring. **Recommendations** For vixie cron versions prior to 9cc8ab1, update to a version that includes the fix for the heap-based buffer underflow. For OpenBSD versions 7.4 and 7.5, update the vixie cron package to a version that includes the fix for the heap-based buffer underflow. As a temporary workaround, consider restricting access to the `set range()` function in crontab until a patch is available.

**Name of the Vulnerable Software and Affected Versions** iNet wireless daemon (IWD) versions 2.15 and earlier **Description** The issue is related to initialization problems in the p2putil.c component of the iNet wireless daemon (IWD), which can cause a denial of service (daemon crash) or possibly have other unspecified impacts when parsing of advertised service information fails. This can be exploited by a remote attacker. The vulnerability is particularly powerful as it can lead to information leaks, helping to bypass ASLR and other hardening measures. The problem occurs in the extract p2p advertised service info() function, where errors in processing can result in a double-free condition. **Recommendations** For iNet wireless daemon (IWD) versions 2.15 and earlier, consider disabling the `extract p2p advertised service info()` function as a temporary workaround until a patch is available. Restrict access to the vulnerable `p2putil.c` component to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3 macOS versions prior to 10.12.4 tvOS versions prior to 10.2 **Description** The issue involves the Keychain component and is related to the lack of protection for service data. It may allow a remote attacker to cause a denial of service or have other impacts on the system. The problem can be exploited by man-in-the-middle attackers to bypass an iCloud Keychain secret protection mechanism by leveraging the lack of authentication for OTR packets. **Recommendations** For iOS versions prior to 10.3, update to version 10.3 or later. For macOS versions prior to 10.12.4, update to version 10.12.4 or later. For tvOS versions prior to 10.2, update to version 10.2 or later.