Beist

**Name of the Vulnerable Software and Affected Versions** macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 **Description** A denial of service issue exists where an app may be able to modify protected parts of the file system. **Recommendations** Update macOS Sequoia to version 15.7.7. Update macOS Sonoma to version 14.8.7. Update macOS Tahoe to version 26.5.

**Name of the Vulnerable Software and Affected Versions** VMware Fusion (affected versions not specified) **Description** The issue is related to a local privilege escalation, where a malicious actor with read/write access to the host operating system can gain root access. This is due to insecure privilege management in the Raw Disk Handler component of the VMware Fusion hypervisor. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.4 **Description** The issue is related to a format-string vulnerability in the Printing component of the operating system. This vulnerability can be exploited by a remote attacker using a specially crafted URL, such as `ipp:` or `ipps:`, to execute arbitrary code. **Recommendations** For macOS versions prior to 10.12.4, update to version 10.12.4 or later to resolve the issue. As a temporary workaround, consider restricting access to the Printing component until the update is applied. Avoid using specially crafted URLs that could exploit the format-string vulnerability in the Printing component.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.5 **Description** The issue is caused by a buffer overflow in the AMD subsystem of the operating system. This can be exploited by a remote attacker using a specially crafted application, potentially allowing them to execute arbitrary code in a privileged context or cause a denial of service due to memory corruption. **Recommendations** For versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.4 **Description** The issue is caused by a buffer overflow in the Bluetooth component, allowing remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. **Recommendations** For Apple OS X versions prior to 10.11.4, update to version 10.11.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** OS X versions prior to 10.11.2 **Description** The issue is related to the Intel Graphics Driver component and is caused by pointer dereference errors. It can be exploited by local users to gain privileges or cause a denial of service. **Recommendations** For OS X versions prior to 10.11.2, update to version 10.11.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.2 Apple OS X versions prior to 10.11.2 Apple tvOS versions prior to 9.1 Apple watchOS versions prior to 2.1 **Description** The issue allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. It is caused by a buffer overflow in the IOHIDFamily driver of the operating systems. Exploitation of the issue may allow a remote attacker to execute arbitrary code in a privileged context or cause a denial of service. **Recommendations** For Apple iOS versions prior to 9.2, update to version 9.2 or later. For Apple OS X versions prior to 10.11.2, update to version 10.11.2 or later. For Apple tvOS versions prior to 9.1, update to version 9.1 or later. For Apple watchOS versions prior to 2.1, update to version 2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.2 Apple OS X versions prior to 10.11.2 Apple tvOS versions prior to 9.1 Apple watchOS versions prior to 2.1 **Description** The issue is caused by a buffer overflow. It may allow a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) using a specially crafted image. **Recommendations** For Apple iOS versions prior to 9.2, update to version 9.2 or later. For Apple OS X versions prior to 10.11.2, update to version 10.11.2 or later. For Apple tvOS versions prior to 9.1, update to version 9.1 or later. For Apple watchOS versions prior to 2.1, update to version 2.1 or later.

**Name of the Vulnerable Software and Affected Versions** Dev Tools in Apple iOS versions prior to 9 **Description** The issue is related to a buffer overflow in the dyld component, which can be exploited by attackers to execute arbitrary code in a privileged context or cause a denial of service due to memory corruption. This can be achieved via a crafted app. **Recommendations** For Dev Tools in Apple iOS versions prior to 9, update to version 9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** XNU in Apple iOS versions prior to 9 **Description** The issue is related to a lack of protection for internal data in the XNU kernel component of the iOS operating system. This could allow a local attacker to access protected information stored in memory. The problem arises from the improper initialization of an unspecified data structure, which can be exploited by local users to obtain sensitive memory layout information. **Recommendations** For versions prior to 9, update to a version 9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9 **Description** The issue is related to errors in security settings of the dyld component in the iOS operating system. It allows a remote attacker to bypass a code-signing protection mechanism via a specially crafted app that places a signature in an executable file. **Recommendations** For versions prior to 9, update to version 9 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.10.5 **Description** The issue is related to the kernel in Apple OS X, which does not properly validate pathnames in the environment. This allows local users to gain privileges via unspecified vectors. The vulnerability is also described as being related to insufficient access restrictions to certain functions, which can be exploited by a local attacker to elevate their privileges. **Recommendations** For Apple OS X versions prior to 10.10.5, update to version 10.10.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.10.5 **Description** The issue is related to a component called UDF in the operating system, which has inadequate access control to files. This can be exploited by a local attacker using a malformed DMG image, potentially leading to privilege escalation or a denial of service, causing memory corruption and application crashes. **Recommendations** For Apple OS X versions prior to 10.10.5, update to version 10.10.5 or later to resolve the issue. As a temporary workaround, consider avoiding the use of malformed DMG images to minimize the risk of exploitation. Restrict local access to the system to prevent potential attackers from exploiting the vulnerability.

**Name of the Vulnerable Software and Affected Versions** dyld in Apple OS X versions prior to 10.10.5 **Description** The issue is related to the dyld library in Mac OS X, which does not properly validate input. This allows a local attacker to gain privileges through unspecified vectors. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** For versions prior to 10.10.5, update to version 10.10.5 or later to resolve the issue.