Federico Bento

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.5 **Description** The issue involves the `Sandbox` component, allowing attackers to conduct sandbox-escape attacks or cause a denial of service (memory corruption) via a crafted app. **Recommendations** For versions prior to 10.12.5, update to version 10.12.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** policycoreutils (affected versions not specified) **Description** The issue allows local users to execute arbitrary commands outside of the sandbox. This is achieved via a crafted TIOCSTI ioctl call. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** util-linux (affected versions not specified) **Description** The issue is related to a lack of access control during user authentication in the util-linux package, which can be exploited to gain access to confidential data, compromise data integrity, and cause a denial of service. Specifically, a local user can escape to the parent session via a crafted TIOCSTI ioctl call, pushing characters to the terminal's input buffer. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.