David Kohlbrenner

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in iOS 26.5 and iPadOS 26.5, visionOS 26.5. An app may be able to access sensitive user data.

**Name of the Vulnerable Software and Affected Versions** AMD processors (affected versions not specified) **Description** A potential issue in AMD processors using frequency scaling may allow an authenticated attacker to execute a timing attack, potentially enabling information disclosure. The vulnerability is related to the implementation of Dynamic Voltage and Frequency Scaling (DVFS) in AMD processor microcode, which is associated with inadequate protection of physical side channels. Exploitation of the issue may allow a remote attacker to gain unauthorized access to protected information using a side channel. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Intel(R) Processors (affected versions not specified) **Description** The issue is related to observable behavioral power management throttling and errors in the dynamic frequency adjustment process of Intel processor microcode, specifically concerning Dynamic Voltage and Frequency Scaling (DVFS) technology. This may allow an authenticated user or a remote attacker to potentially enable information disclosure via network access or side-channel attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.3 Safari versions prior to 10.1.2 tvOS versions prior to 10.2.2 **Description** The issue involves the WebKit component and allows remote attackers to conduct a timing side-channel attack. This attack can bypass the Same Origin Policy, enabling attackers to obtain sensitive information via a crafted web site that uses SVG filters. **Recommendations** For iOS versions prior to 10.3.3, update to version 10.3.3 or later. For Safari versions prior to 10.1.2, update to version 10.1.2 or later. For tvOS versions prior to 10.2.2, update to version 10.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 52 Firefox ESR versions prior to 45.8 Thunderbird versions prior to 52 Thunderbird versions prior to 45.8 **Description** A malicious page can extract pixel values from a targeted user by using SVG filters that don't use the fixed point math implementation on a target iframe. This can be used to extract history information and read text values across domains, violating the same-origin policy and leading to information disclosure. **Recommendations** For Firefox versions prior to 52, update to version 52 or later. For Firefox ESR versions prior to 45.8, update to version 45.8 or later. For Thunderbird versions prior to 52, update to version 52 or later. For Thunderbird versions prior to 45.8, update to version 45.8 or later.