Gal Beniamini

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.3 tvOS versions prior to 10.2.2 **Description** The issue involves the `Wi-Fi` component and allows attackers to cause a denial of service by leveraging proximity for 802.11, resulting in memory corruption on the Wi-Fi chip. **Recommendations** For iOS versions prior to 10.3.3, update to version 10.3.3 or later. For tvOS versions prior to 10.2.2, update to version 10.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.3 macOS versions prior to 10.12.6 tvOS versions prior to 10.2.2 **Description** The issue involves the `Wi-Fi` component and allows remote attackers to execute arbitrary code on the Wi-Fi chip or cause a denial of service by leveraging proximity for 802.11, resulting in memory corruption. **Recommendations** For iOS versions prior to 10.3.3, update to version 10.3.3 or later to resolve the issue. For macOS versions prior to 10.12.6, update to version 10.12.6 or later to resolve the issue. For tvOS versions prior to 10.2.2, update to version 10.2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 65.0.3325.146 **Description** The issue is related to the lack of special casing of Android ashmem in Google Chrome, which allowed a remote attacker who had compromised the renderer process to bypass inter-process read-only guarantees. This could be achieved via a crafted HTML page. **Recommendations** For versions prior to 65.0.3325.146, update to version 65.0.3325.146 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 65.0.3325.146 Opera versions prior to 65.0.3325.146 **Description** The issue is related to a lack of access control checks in Instrumentation, allowing a remote attacker who has compromised the renderer process to obtain memory metadata from privileged processes. **Recommendations** For Google Chrome versions prior to 65.0.3325.146, update to version 65.0.3325.146 or later. For Opera versions prior to 65.0.3325.146, update to a version that includes the fix for this issue, as the exact version is not specified.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 65.0.3325.146 Opera (affected versions not specified) **Description** The issue is related to the incorrect use of `mojo::WrapSharedMemoryHandle` in Mojo, allowing a remote attacker who has compromised the renderer process to perform an out of bounds memory write. This can be achieved via a crafted HTML page. **Recommendations** For Google Chrome versions prior to 65.0.3325.146, update to version 65.0.3325.146 or later to resolve the issue. For Opera, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11 tvOS versions prior to 11 watchOS versions prior to 4 **Description** The issue involves the Wi-Fi component and might allow remote attackers to read data from kernel memory locations via crafted Wi-Fi traffic. **Recommendations** For iOS versions prior to 11, update to version 11 or later. For tvOS versions prior to 11, update to version 11 or later. For watchOS versions prior to 4, update to version 4 or later.

**Name of the Vulnerable Software and Affected Versions** Broadcom BCM4355C0 Wi-Fi chips version 9.44.78.27.0.1.56 **Description** The issue is related to insufficient length validation in ICMPv6 router advertisement offloading, which can lead to an information leak. An attacker can trigger this leak. **Recommendations** For version 9.44.78.27.0.1.56, consider disabling ICMPv6 router advertisement offloading as a temporary workaround until a patch is available.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11 tvOS versions prior to 11 **Description** The issue involves the `Wi-Fi` component and might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic that leverages a race condition. This is caused by synchronization errors when using a shared resource. **Recommendations** For iOS versions prior to 11, update to version 11 or later to resolve the issue. For tvOS versions prior to 11, update to version 11 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11 tvOS versions prior to 11 watchOS versions prior to 4 **Description** The issue involves the Wi-Fi component and is caused by a buffer overflow in memory. It may allow a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via specially crafted Wi-Fi traffic. **Recommendations** For iOS versions prior to 11, update to version 11 or later to resolve the issue. For tvOS versions prior to 11, update to version 11 or later to resolve the issue. For watchOS versions prior to 4, update to version 4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11 tvOS versions prior to 11 watchOS versions prior to 4 **Description** The issue involves the Wi-Fi component and is caused by a buffer overflow in memory. It may allow a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via specially crafted Wi-Fi traffic. **Recommendations** For iOS versions prior to 11, update to version 11 or later to resolve the issue. For tvOS versions prior to 11, update to version 11 or later to resolve the issue. For watchOS versions prior to 4, update to version 4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11 tvOS versions prior to 11 watchOS versions prior to 4 **Description** The issue is related to a buffer overflow in the Wi-Fi component of the operating system, which can be exploited by a remote attacker using specially crafted Wi-Fi traffic. This may allow the attacker to execute arbitrary code in a privileged context or cause a denial of service due to memory corruption. **Recommendations** For iOS versions prior to 11, update to version 11 or later to resolve the issue. For tvOS versions prior to 11, update to version 11 or later to resolve the issue. For watchOS versions prior to 4, update to version 4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11 tvOS versions prior to 11 watchOS versions prior to 4 **Description** The issue involves the `Wi-Fi` component and might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic. This is caused by a buffer overflow in the Wi-Fi component of the operating system. **Recommendations** For iOS versions prior to 11, update to version 11 or later to resolve the issue. For tvOS versions prior to 11, update to version 11 or later to resolve the issue. For watchOS versions prior to 4, update to version 4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11 tvOS versions prior to 11 watchOS versions prior to 4 **Description** The issue involves the `Wi-Fi` component and might allow remote attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via crafted Wi-Fi traffic. The vulnerability is caused by a buffer overflow in the memory, which can be exploited by a remote attacker using specially crafted Wi-Fi traffic. **Recommendations** For iOS versions prior to 11, update to version 11 or later to resolve the issue. For tvOS versions prior to 11, update to version 11 or later to resolve the issue. For watchOS versions prior to 4, update to version 4 or later to resolve the issue. As a temporary workaround, consider disabling the `Wi-Fi` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Broadcom BCM4355C0 Wi-Fi chips version 9.44.78.27.0.1.56 **Description** The issue is caused by a buffer overflow in the Wi-Fi firmware. An attacker can craft a malformed RRM neighbor report frame to trigger this overflow. Exploitation of the issue may allow a remote attacker to impact the confidentiality, integrity, and availability of data. **Recommendations** For Broadcom BCM4355C0 Wi-Fi chips version 9.44.78.27.0.1.56, consider disabling the Wi-Fi firmware until a patch is available to prevent exploitation of the buffer overflow. As a temporary workaround, restrict access to the RRM neighbor report frame to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Broadcom BCM4355C0 Wi-Fi chip versions 9.44.78.27.0.1.56 and earlier **Description** The issue is caused by a buffer overflow in the memory of the Wi-Fi chip, which can be exploited by a remote attacker using specially crafted frames. This can lead to a denial of service, causing the Wi-Fi device to become unresponsive. The exploitation may involve triggering internal Wi-Fi firmware heap and/or stack overflows. **Recommendations** For version 9.44.78.27.0.1.56 and earlier, consider disabling the Wi-Fi functionality until a patch is available to prevent potential exploitation. As a temporary workaround, restrict access to the Wi-Fi network to minimize the risk of exploitation. Avoid using the affected Wi-Fi chip in sensitive environments until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10, Kernel-3.18 **Description** The issue is related to a remote code execution vulnerability in the Broadcom Wi-Fi firmware, which could allow a remote attacker to execute arbitrary code within the context of the Wi-Fi SoC. This vulnerability is associated with insufficient access control to certain functions. **Recommendations** For Android versions Kernel-3.10, Kernel-3.18, update the system to a newer version that includes the fix for this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions Kernel-3.10, Kernel-3.18 **Description** An elevation of privilege issue in the Broadcom Wi-Fi driver could allow a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High because it first requires compromising a privileged process. The vulnerability is related to insufficient access control in the Wi-Fi driver, which could be exploited by a remote attacker using a special application to execute arbitrary code in the context of the kernel. **Recommendations** For Android versions Kernel-3.10, Kernel-3.18, consider disabling the Wi-Fi driver until a patch is available to prevent potential exploitation. As a temporary workaround, restrict access to the kernel to minimize the risk of arbitrary code execution.

**Name of the Vulnerable Software and Affected Versions** iOS (affected versions not specified) **Description** The issue is caused by a buffer overflow in the Wi-Fi component of the iOS operating system. Exploitation of this issue may allow an attacker, acting locally, to cause a denial of service via a crafted access point. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Broadcom Wi-Fi HardMAC SoC with fbt firmware (affected versions not specified) **Description** A stack buffer overflow issue occurs when handling an 802.11r (FT) authentication response. This happens due to a crafted access point sending a long R0KH-ID field in a Fast BSS Transition Information Element (FT-IE), potentially leading to remote code execution. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Android versions 7.0 through 7.1.1 **Description** An elevation of privilege issue in the Framework APIs could allow a local malicious application to execute arbitrary code within the context of a privileged process. This issue could be used to gain local access to elevated capabilities, which are not normally accessible to a third-party application. The vulnerability is related to insufficient access control in the Framework APIs. **Recommendations** For Android versions 7.0 through 7.1.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.