Derrek

**Name of the Vulnerable Software and Affected Versions** Apple tvOS versions prior to 15.4 Apple iOS versions prior to 15.4 Apple iPadOS versions prior to 15.4 Apple macOS Big Sur versions prior to 11.6.5 Apple macOS Catalina versions prior to Security Update 2022-003 Apple watchOS versions prior to 8.5 Apple macOS Monterey versions prior to 12.3 **Description** A null pointer dereference issue was addressed with improved validation, which may allow an attacker in a privileged position to perform a denial of service attack. **Recommendations** For Apple tvOS versions prior to 15.4, update to tvOS 15.4 or later. For Apple iOS versions prior to 15.4, update to iOS 15.4 or later. For Apple iPadOS versions prior to 15.4, update to iPadOS 15.4 or later. For Apple macOS Big Sur versions prior to 11.6.5, update to macOS Big Sur 11.6.5 or later. For Apple macOS Catalina versions prior to Security Update 2022-003, apply Security Update 2022-003 or later. For Apple watchOS versions prior to 8.5, update to watchOS 8.5 or later. For Apple macOS Monterey versions prior to 12.3, update to macOS Monterey 12.3 or later.

**Name of the Vulnerable Software and Affected Versions** Qualcomm Snapdragon versions (affected versions not specified) **Description** The issue is related to a memory corruption in the Kernel due to a race condition while getting a mapping reference. This can occur in various Snapdragon products, including Compute, Connectivity, Industrial IOT, and Mobile. The vulnerability is associated with synchronization errors when using a shared resource. Exploitation of this issue may allow an attacker to cause a denial of service or execute arbitrary code. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15 tvOS versions prior to 13 watchOS versions prior to 6 iOS versions prior to 13 **Description** A memory corruption issue was addressed with improved state management, allowing an application to potentially execute arbitrary code with kernel privileges. **Recommendations** For macOS versions prior to 10.15, update to macOS Catalina 10.15 or apply Security Update 2019-001 or Security Update 2019-006. For tvOS versions prior to 13, update to tvOS 13. For watchOS versions prior to 6, update to watchOS 6. For iOS versions prior to 13, update to iOS 13.

**Name of the Vulnerable Software and Affected Versions** macOS Mojave versions prior to 10.14.5 Security Update versions prior to 2019-003 High Sierra Security Update versions prior to 2019-003 Sierra watchOS versions prior to 5.2 macOS Mojave version 10.14.4 Security Update versions prior to 2019-002 High Sierra Security Update versions prior to 2019-002 Sierra iOS versions prior to 12.2 **Description** An out-of-bounds read issue existed, leading to the disclosure of kernel memory. This issue was addressed with improved input validation. A remote attacker may be able to leak memory. **Recommendations** For macOS Mojave versions prior to 10.14.5, update to macOS Mojave 10.14.5 or later. For Security Update versions prior to 2019-003 High Sierra, apply Security Update 2019-003 or later. For Security Update versions prior to 2019-003 Sierra, apply Security Update 2019-003 or later. For watchOS versions prior to 5.2, update to watchOS 5.2 or later. For macOS Mojave version 10.14.4, update to macOS Mojave 10.14.5 or later. For Security Update versions prior to 2019-002 High Sierra, apply Security Update 2019-003 or later. For Security Update versions prior to 2019-002 Sierra, apply Security Update 2019-003 or later. For iOS versions prior to 12.2, update to iOS 12.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.5 iPadOS versions prior to 13.5 macOS Catalina versions prior to 10.15.5 tvOS versions prior to 13.4.5 watchOS versions prior to 6.2.5 **Description** An information disclosure issue was addressed with improved state management, allowing a local user to potentially read kernel memory. **Recommendations** For iOS versions prior to 13.5, update to iOS 13.5 or later. For iPadOS versions prior to 13.5, update to iPadOS 13.5 or later. For macOS Catalina versions prior to 10.15.5, update to macOS Catalina 10.15.5 or later. For tvOS versions prior to 13.4.5, update to tvOS 13.4.5 or later. For watchOS versions prior to 6.2.5, update to watchOS 6.2.5 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.2 macOS Mojave versions prior to 10.14.4 tvOS versions prior to 12.2 watchOS versions prior to 5.2 **Description** A buffer overflow issue was addressed through improved size validation. This could allow a remote attacker to cause unexpected system termination or corrupt kernel memory. **Recommendations** For iOS versions prior to 12.2, update to iOS 12.2 or later. For macOS Mojave versions prior to 10.14.4, update to macOS Mojave 10.14.4 or later. For tvOS versions prior to 12.2, update to tvOS 12.2 or later. For watchOS versions prior to 5.2, update to watchOS 5.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.3 macOS versions prior to 10.13.4 tvOS versions prior to 11.3 watchOS versions prior to 4.3 **Description** The issue involves the Kernel component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service via a crafted app, resulting in memory corruption. **Recommendations** For iOS versions prior to 11.3, update to version 11.3 or later. For macOS versions prior to 10.13.4, update to version 10.13.4 or later. For tvOS versions prior to 11.3, update to version 11.3 or later. For watchOS versions prior to 4.3, update to version 4.3 or later.

**Name of the Vulnerable Software and Affected Versions** Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified) **Description** A buffer overflow issue exists in the HSDPA protocol of Qualcomm products with Android releases from CAF, which utilizes the Linux kernel. This issue may allow a remote attacker to compromise the confidentiality, integrity, and availability of protected information. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Qualcomm products with Android releases from CAF using the Linux kernel (affected versions not specified) **Description** The issue is caused by a type downcast that allows a value to improperly pass validation, potentially leading to an out of bounds write. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10, Kernel-3.18 **Description** The issue is related to an elevation of privilege vulnerability in the Qualcomm crypto engine driver. This could allow a local malicious application to execute arbitrary code within the context of the kernel. The vulnerability is rated as High because it first requires compromising a privileged process. **Recommendations** For versions Kernel-3.10 and Kernel-3.18, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10, Kernel-3.18 **Description** An information disclosure issue in the Qualcomm camera driver could allow a local malicious application to access data outside of its permission levels. This issue requires compromising a privileged process and is rated as Moderate. **Recommendations** For Android versions Kernel-3.10, Kernel-3.18, consider restricting access to the Qualcomm camera driver until a patch is available. As a temporary workaround, disabling the camera functionality may help minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10, Kernel-3.18 **Description** An information disclosure issue in the Qualcomm Wi-Fi driver could allow a local malicious application to access data outside of its permission levels, requiring a privileged process to be compromised first. **Recommendations** For Android versions Kernel-3.10, Kernel-3.18, at the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1 **Description** The issue is related to insufficient access control in the VBRISeeker.cpp function of the libstagefright media server in the Android operating system. This can allow a remote attacker to exploit the issue and potentially compromise information confidentiality. Additionally, a remote attacker could use a specially crafted file to cause a device hang or reboot, resulting in a denial of service. **Recommendations** For Android versions 4.4.4, 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1, consider restricting access to the `VBRISeeker.cpp` function in the libstagefright media server as a temporary workaround to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1 **Description** The issue is related to insufficient access control in the Framesequence library of the Android operating system. It allows a remote attacker to execute arbitrary code using a specially crafted file. This can lead to remote code execution in the context of an unprivileged process. **Recommendations** For versions 5.0.2, 5.1.1, 6.0, 6.0.1, 7.0, 7.1, update to a version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.