Dawuge

**Name of the Vulnerable Software and Affected Versions** Samsung Secure Folder versions prior to SMR Mar-2026 Release 1 **Description** A flaw exists due to the improper export of Android application components within Secure Folder. This allows local attackers to launch arbitrary activity with Secure Folder privileges. **Recommendations** Update to SMR Mar-2026 Release 1 or later.

**Name of the Vulnerable Software and Affected Versions** Samsung Cloud versions prior to 5.6.11 **Description** A flaw exists in Samsung Cloud that involves improper handling of insufficient permissions. This allows local attackers to access specific files in arbitrary paths. **Recommendations** Update Samsung Cloud to version 5.6.11 or later.

**Name of the Vulnerable Software and Affected Versions** libpadm.so versions prior to SMR Oct-2025 Release 1 **Description** An out-of-bounds write exists in the parsing header for JPEG decoding. This issue can lead to memory corruption for local attackers. The vulnerable component is `libpadm.so`. **Recommendations** Update to SMR Oct-2025 Release 1 or later.

**Name of the Vulnerable Software and Affected Versions** libpadm.so versions prior to SMR Oct-2025 Release 1 **Description** An out-of-bounds write issue exists during the pre-processing of JPEG decoding. This can lead to memory corruption for local attackers. The issue is present in libpadm.so prior to SMR Oct-2025 Release 1. **Recommendations** Update libpadm.so to SMR Oct-2025 Release 1 or later.

**Name of the Vulnerable Software and Affected Versions** libpadm.so versions prior to SMR Oct-2025 Release 1 **Description** An out-of-bounds read issue exists in the parsing header for JPEG decoding. This can allow a local attacker to potentially access memory outside of the intended boundaries. The issue is present in libpadm.so prior to SMR Oct-2025 Release 1. **Recommendations** Update libpadm.so to SMR Oct-2025 Release 1 or later.

**Name of the Vulnerable Software and Affected Versions** libpadm.so versions prior to SMR Oct-2025 Release 1 **Description** An out-of-bounds write issue exists in the JPEG decoding pre-processing within libpadm.so. This allows a local attacker to write to memory outside of allocated boundaries. The issue is present in versions of libpadm.so prior to SMR Oct-2025 Release 1. **Recommendations** Update libpadm.so to SMR Oct-2025 Release 1 or later.

**Name of the Vulnerable Software and Affected Versions** versions prior to SMR Oct-2025 Release 1 **Description** An out-of-bounds write issue exists in the fingerprint trustlet. This allows a locally privileged attacker to write to memory outside of allocated boundaries. **Recommendations** Update to SMR Oct-2025 Release 1 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Tahoe 26 **Description** An application may be able to access sensitive user data due to insufficient checks preventing unauthorized actions. **Recommendations** Update to macOS Tahoe 26.

**Name of the Vulnerable Software and Affected Versions** macOS Sonoma versions prior to 14.8 macOS Sequoia versions prior to 15.7 iOS versions prior to 18.7 iPadOS versions prior to 18.7 tvOS versions prior to 26 visionOS versions prior to 26 watchOS versions prior to 26 macOS Tahoe versions prior to 26 iOS versions prior to 26 iPadOS versions prior to 26 **Description** A type confusion issue was addressed with improved memory handling. This issue may allow an app to cause a denial-of-service. **Recommendations** Update macOS Sonoma to version 14.8. Update macOS Sequoia to version 15.7. Update iOS to version 18.7. Update iPadOS to version 18.7. Update tvOS to version 26. Update visionOS to version 26. Update watchOS to version 26. Update macOS Tahoe to version 26. Update iOS to version 26. Update iPadOS to version 26.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Tahoe 26 **Description** A type confusion issue was addressed with improved memory handling. This issue may allow an app to cause a denial-of-service. **Recommendations** Update to macOS Tahoe 26.

**Name of the Vulnerable Software and Affected Versions** Blockchain Keystore versions prior to 1.3.17.2 **Description** An out-of-bounds write issue exists in the detaching crypto box functionality of Blockchain Keystore. This flaw allows local privileged attackers to write data beyond allocated memory boundaries. **Recommendations** Update Blockchain Keystore to version 1.3.17.2 or later.

**Name of the Vulnerable Software and Affected Versions** Blockchain Keystore versions prior to 1.3.17.2 **Description** An out-of-bounds read issue exists in Blockchain Keystore. This allows local privileged attackers to read out-of-bounds memory. **Recommendations** Update Blockchain Keystore to version 1.3.17.2 or later.

**Name of the Vulnerable Software and Affected Versions** Android versions 13 through 16 **Description** Improper access control in PkgPredictorService prior to SMR Aug-2025 Release 1 allows local attackers to use privileged APIs. **Recommendations** Update to SMR Aug-2025 Release 1 or later.

**Name of the Vulnerable Software and Affected Versions** Blockchain Keystore versions prior to 1.3.17.2 **Description** An out-of-bounds write issue exists in the creation of bitmap images. This can allow a local privileged attacker to write to memory outside of allocated boundaries. **Recommendations** Update Blockchain Keystore to version 1.3.17.2 or later.

**Name of the Vulnerable Software and Affected Versions** Blockchain Keystore versions prior to 1.3.17.2 **Description** An out-of-bounds write issue exists in the drawing pinpad functionality of Blockchain Keystore. This allows local privileged attackers to write to memory outside of allocated boundaries. **Recommendations** Update Blockchain Keystore to version 1.3.17.2 or later.

**Name of the Vulnerable Software and Affected Versions** iPadOS versions prior to 17.7.9 macOS Sequoia versions prior to 15.6 macOS Sonoma versions prior to 14.7.7 macOS Ventura versions prior to 13.7.7 **Description** A permissions issue was addressed with additional restrictions. An app may be able to fingerprint the user. **Recommendations** Update iPadOS to version 17.7.9. Update macOS Sequoia to version 15.6. Update macOS Sonoma to version 14.7.7. Update macOS Ventura to version 13.7.7.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.6 macOS versions prior to 14.7.7 macOS versions prior to 13.7.7 **Description** The issue was addressed with improved memory handling. An app may be able to cause a denial-of-service. **Recommendations** Update to macOS version 15.6 or later. Update to macOS version 14.7.7 or later. Update to macOS version 13.7.7 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.6 **Description** The issue involves improved memory handling. An application may be able to cause a denial-of-service. **Recommendations** Update to version 15.6.

Name of the Vulnerable Software and Affected Versions: KnoxVault trustlet versions prior to SMR Jul-2025 Release 1 Description: The issue is related to an out-of-bounds write in the authentication secret checking process. This allows local privileged attackers to write to memory outside the intended boundaries. Recommendations: For versions prior to SMR Jul-2025 Release 1, update to SMR Jul-2025 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the trustlet to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: KnoxVault trustlet versions prior to SMR Jul-2025 Release 1 Description: The issue is related to an out-of-bounds write in setting auth secret, which allows local privileged attackers to write out-of-bounds memory. This can be exploited by local privileged attackers. Recommendations: For KnoxVault trustlet versions prior to SMR Jul-2025 Release 1, update to SMR Jul-2025 Release 1 or later to resolve the issue. As a temporary workaround, consider restricting access to the trustlet to minimize the risk of exploitation.