Epsilan

**Name of the Vulnerable Software and Affected Versions** Visual Studio Code (affected versions not specified) **Description** The issue is related to insecure privilege management in Visual Studio Code. Exploitation of this issue may allow an attacker to elevate their privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.0.1 macOS Big Sur versions prior to 11.6.6 **Description** A logic issue was addressed with improved state management. This issue allows a sandboxed process to potentially circumvent sandbox restrictions. The vulnerability was discovered while studying methods of launching and detecting malicious macros in Office documents on macOS. Researchers found that using Launch Services to run a command with a specific prefix allows escaping the app sandbox in macOS. **Recommendations** For macOS versions prior to 12.0.1, update to macOS Monterey 12.0.1 or later to fix the issue. For macOS Big Sur versions prior to 11.6.6, update to macOS Big Sur 11.6.6 or later to fix the issue. As a temporary workaround, consider restricting the use of Launch Services and the `open` command with the `--stdin` option to minimize the risk of exploitation. Avoid using malicious macros in Office documents until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Windows Installer (affected versions not specified) **Description** The issue is related to errors in the representation of information by the user interface of the Windows Installer component in Microsoft Windows operating systems. This can allow an attacker to conduct spoofing attacks. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 14.6 Apple iPadOS versions prior to 14.6 Apple tvOS versions prior to 14.6 Apple watchOS versions prior to 7.5 Apple macOS versions prior to 11.4 Apple macOS Catalina versions prior to Security Update 2021-004 Apple macOS Mojave versions prior to Security Update 2021-005 **Description** The issue is related to errors in security settings of the Launch Services in iOS, iPadOS, tvOS, watchOS, and macOS operating systems. A malicious application may be able to break out of its sandbox due to improved environment sanitization not being in place. This could allow an attacker to escape the App Sandbox and bypass privacy protections. **Recommendations** For Apple iOS versions prior to 14.6, update to iOS 14.6 or later. For Apple iPadOS versions prior to 14.6, update to iPadOS 14.6 or later. For Apple tvOS versions prior to 14.6, update to tvOS 14.6 or later. For Apple watchOS versions prior to 7.5, update to watchOS 7.5 or later. For Apple macOS versions prior to 11.4, update to macOS Big Sur 11.4 or later. For Apple macOS Catalina versions prior to Security Update 2021-004, apply Security Update 2021-004 or later. For Apple macOS Mojave versions prior to Security Update 2021-005, apply Security Update 2021-005 or later.

Name of the Vulnerable Software and Affected Versions: Windows Installer (affected versions not specified) Description: The issue is related to errors in the representation of information by the user interface of the Windows Installer component in Microsoft Windows operating systems. This can allow an attacker to conduct spoofing attacks. The vulnerability may be exploited to affect the system. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.