Andrew Calvano

**Name of the Vulnerable Software and Affected Versions** macOS Sonoma versions prior to 14.8.3 macOS Sequoia versions prior to 15.7.3 **Description** A memory corruption issue exists due to insufficient bounds checking. Exploitation of this issue may result in unexpected application termination when processing malicious data. **Recommendations** Update to macOS Sonoma version 14.8.3 or later. Update to macOS Sequoia version 15.7.3 or later.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 26.2 iOS versions prior to 26.2 iPadOS versions prior to 26.2 macOS versions prior to Tahoe 26.2 visionOS versions prior to 26.2 tvOS versions prior to 26.2 **Description** The software contains multiple memory corruption issues due to insufficient input validation. A specially crafted HID (Human Interface Device) could potentially cause a process to crash unexpectedly. **Recommendations** Update to watchOS version 26.2 or later. Update to iOS version 26.2 or later. Update to iPadOS version 26.2 or later. Update to macOS version Tahoe 26.2 or later. Update to visionOS version 26.2 or later. Update to tvOS version 26.2 or later.

**Name of the Vulnerable Software and Affected Versions** OpenH264 versions 2.5.0 and earlier **Description** OpenH264 contains a heap overflow vulnerability in its decoding functions. This issue is due to a race condition occurring between a Sequence Parameter Set (SPS) memory allocation and a subsequent non-Instantaneous Decoder Refresh (non-IDR) Network Abstraction Layer (NAL) unit memory usage. An attacker can exploit this by crafting a malicious bitstream and tricking a user into processing a video containing it. Successful exploitation could lead to a crash or potentially allow the attacker to execute arbitrary commands. Both Scalable Video Coding (SVC) and Advanced Video Coding (AVC) modes are affected. **Recommendations** Upgrade OpenH264 to version 2.6.0 or later.