Dongzhuo Zhao

**Name of the Vulnerable Software and Affected Versions** Windows Advanced Rasterization Platform (WARP) (affected versions not specified) **Description** Integer size truncation in the Windows Advanced Rasterization Platform (WARP) allows an unauthorized attacker to elevate privileges locally. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Browser (affected versions not specified) **Description** The issue is related to a type confusion vulnerability. Successful exploitation of this vulnerability may affect service availability. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Espruino version 2v05.41 **Description** A Buffer Overflow issue allows an attacker to cause a denial of service via the function `jsvGarbageCollectMarkUsed` in file `src/jsvar.c`. **Recommendations** For Espruino version 2v05.41, consider disabling the `jsvGarbageCollectMarkUsed` function as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple iPadOS versions prior to 15.6 Apple tvOS versions prior to 15.6 Apple iOS versions prior to 15.6 Apple watchOS versions prior to 8.7 Apple macOS Monterey versions prior to 12.5 Apple Safari versions prior to 15.6 webkit2gtk (affected versions not specified) wpewebkit (affected versions not specified) MosOS (affected versions not specified) OpenSUSE (affected versions not specified) **Description** This issue involves a memory buffer overflow in iPadOS, tvOS, Safari, iOS, watchOS, and macOS Monterey. The problem was addressed through improved bounds checks. Processing maliciously crafted web content may lead to arbitrary code execution. The vulnerability has been added to CISA’s Known Exploited Vulnerabilities catalog. A similar issue was found in webkitgtk and wpewebkit where processing maliciously crafted web content may also lead to arbitrary code execution. **Recommendations** Update iPadOS to version 15.6 or later. Update tvOS to version 15.6 or later. Update iOS to version 15.6 or later. Update watchOS to version 8.7 or later. Update macOS Monterey to version 12.5 or later. Update Safari to version 15.6 or later. Upgrade webkit2gtk packages to the latest available version. Upgrade wpewebkit packages to the latest available version. At the moment, there is no information about a newer version that contains a fix for this vulnerability for MosOS. At the moment, there is no information about a newer version that contains a fix for this vulnerability for OpenSUSE.

**Name of the Vulnerable Software and Affected Versions** WebKitGTK and WPE WebKit versions (affected versions not specified) tvOS versions prior to 15.5 iOS versions prior to 15.5 iPadOS versions prior to 15.5 watchOS versions prior to 8.6 macOS Monterey versions prior to 12.4 Safari versions prior to 15.5 **Description** The issue is related to insufficient input validation in web page rendering modules, which may allow a remote attacker to execute arbitrary code or cause a denial of service. Processing maliciously crafted web content may lead to arbitrary code execution due to a memory corruption issue addressed with improved state management. **Recommendations** For tvOS versions prior to 15.5, update to tvOS 15.5 or later. For iOS versions prior to 15.5, update to iOS 15.5 or later. For iPadOS versions prior to 15.5, update to iPadOS 15.5 or later. For watchOS versions prior to 8.6, update to watchOS 8.6 or later. For macOS Monterey versions prior to 12.4, update to macOS Monterey 12.4 or later. For Safari versions prior to 15.5, update to Safari 15.5 or later. As a temporary workaround for WebKitGTK and WPE WebKit, consider restricting the processing of web content until a patch is available. At the moment, there is no information about a newer version that contains a fix for WebKitGTK and WPE WebKit.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 13.0.1 iOS versions prior to 13.1 iPadOS versions prior to 13.1 tvOS versions prior to 13 **Description** A memory corruption issue was addressed with improved validation. Processing maliciously crafted web content may lead to arbitrary code execution. **Recommendations** For Safari versions prior to 13.0.1, update to Safari 13.0.1 or later. For iOS versions prior to 13.1, update to iOS 13.1 or later. For iPadOS versions prior to 13.1, update to iPadOS 13.1 or later. For tvOS versions prior to 13, update to tvOS 13 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.4 iPadOS versions prior to 13.4 tvOS versions prior to 13.4 watchOS versions prior to 6.2 Safari versions prior to 13.1 iTunes for Windows versions prior to 12.10.5 iCloud for Windows versions prior to 10.9.3 and 7.18 **Description** A memory corruption issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to arbitrary code execution. The issue is related to a WebKit display module vulnerability, which is associated with a buffer overflow in memory. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code. **Recommendations** For iOS versions prior to 13.4, update to iOS 13.4 or later. For iPadOS versions prior to 13.4, update to iPadOS 13.4 or later. For tvOS versions prior to 13.4, update to tvOS 13.4 or later. For watchOS versions prior to 6.2, update to watchOS 6.2 or later. For Safari versions prior to 13.1, update to Safari 13.1 or later. For iTunes for Windows versions prior to 12.10.5, update to iTunes for Windows 12.10.5 or later. For iCloud for Windows versions prior to 10.9.3 and 7.18, update to iCloud for Windows 10.9.3 or 7.18 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.4 iPadOS versions prior to 13.4 tvOS versions prior to 13.4 watchOS versions prior to 6.2 Safari versions prior to 13.1 iTunes for Windows versions prior to 12.10.5 iCloud for Windows versions prior to 10.9.3 and 7.18 **Description** A memory corruption issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to arbitrary code execution. The issue is related to a WebKit display module vulnerability, which is associated with a buffer overflow in memory. Exploitation of the vulnerability may allow a remote attacker to execute arbitrary code. **Recommendations** For iOS versions prior to 13.4, update to iOS 13.4 or later. For iPadOS versions prior to 13.4, update to iPadOS 13.4 or later. For tvOS versions prior to 13.4, update to tvOS 13.4 or later. For watchOS versions prior to 6.2, update to watchOS 6.2 or later. For Safari versions prior to 13.1, update to Safari 13.1 or later. For iTunes for Windows versions prior to 12.10.5, update to iTunes for Windows 12.10.5 or later. For iCloud for Windows versions prior to 10.9.3 and 7.18, update to iCloud for Windows 10.9.3 or 7.18 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 12.4 Apple macOS versions prior to 10.14.6 Apple tvOS versions prior to 12.4 Apple watchOS versions prior to 5.3 Apple Safari versions prior to 12.1.2 Apple iTunes for Windows versions prior to 12.9.6 Apple iCloud for Windows versions prior to 10.6 **Description** The issue arises from multiple memory corruption problems that have been addressed through improved memory handling. Processing maliciously crafted web content may lead to arbitrary code execution. **Recommendations** For Apple iOS versions prior to 12.4, update to iOS 12.4 or later. For Apple macOS versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later. For Apple tvOS versions prior to 12.4, update to tvOS 12.4 or later. For Apple watchOS versions prior to 5.3, update to watchOS 5.3 or later. For Apple Safari versions prior to 12.1.2, update to Safari 12.1.2 or later. For Apple iTunes for Windows versions prior to 12.9.6, update to iTunes for Windows 12.9.6 or later. For Apple iCloud for Windows versions prior to 10.6, update to iCloud for Windows 10.6 or later.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 13.0.1 iOS versions prior to 13.1 iPadOS versions prior to 13.1 iCloud for Windows versions prior to 10.7 and 7.14 tvOS versions prior to 13 watchOS versions prior to 6 iTunes for Windows versions prior to 12.10.1 **Description** The issue arises from multiple memory corruption problems related to memory handling, which can be exploited by processing maliciously crafted web content, potentially leading to arbitrary code execution. **Recommendations** For Safari versions prior to 13.0.1, update to Safari 13.0.1 or later. For iOS versions prior to 13.1, update to iOS 13.1 or later. For iPadOS versions prior to 13.1, update to iPadOS 13.1 or later. For iCloud for Windows versions prior to 10.7 and 7.14, update to iCloud for Windows 10.7 or 7.14 or later. For tvOS versions prior to 13, update to tvOS 13 or later. For watchOS versions prior to 6, update to watchOS 6 or later. For iTunes for Windows versions prior to 12.10.1, update to iTunes 12.10.1 or later.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 13.0.1 iOS versions prior to 13.1 iPadOS versions prior to 13.1 iCloud for Windows versions prior to 10.7 and 7.14 tvOS versions prior to 13 watchOS versions prior to 6 iTunes for Windows versions prior to 12.10.1 **Description** The issue arises from multiple memory corruption problems related to memory handling, which can be exploited by processing maliciously crafted web content, potentially leading to arbitrary code execution. **Recommendations** For Safari versions prior to 13.0.1, update to Safari 13.0.1 or later. For iOS versions prior to 13.1, update to iOS 13.1 or later. For iPadOS versions prior to 13.1, update to iPadOS 13.1 or later. For iCloud for Windows versions prior to 10.7 and 7.14, update to iCloud for Windows 10.7 or 7.14 or later. For tvOS versions prior to 13, update to tvOS 13 or later. For watchOS versions prior to 6, update to watchOS 6 or later. For iTunes for Windows versions prior to 12.10.1, update to iTunes 12.10.1 or later.