Georgy Kucherin

**Name of the Vulnerable Software and Affected Versions** DAEMON Tools Lite versions 12.5.0.2421 through 12.5.0.2434 **Description** A supply chain attack compromised official installation packages distributed via the legitimate website daemon-tools.cc between April 8, 2026, and May 5, 2026. Attackers accessed the build or distribution infrastructure of the vendor, AVB Disc Soft, to trojanize three binaries: `DTHelper.exe`, `DiscSoftBusServiceLite.exe`, and `DTShellHlp.exe`. Because these files were signed with a legitimate code-signing certificate, they could bypass signature-based detection. This issue involves dangerous undeclared capabilities that may allow a remote attacker to bypass existing security restrictions. **Recommendations** For versions 12.5.0.2421 through 12.5.0.2434, remove the affected installation and ensure the software is obtained from a verified, clean source. As a temporary mitigation, restrict the execution of the binaries `DTHelper.exe`, `DiscSoftBusServiceLite.exe`, and `DTShellHlp.exe`.

**Name of the Vulnerable Software and Affected Versions** macOS Monterey versions prior to 12.6.8 iOS versions prior to 15.7.8 iPadOS versions prior to 15.7.8 iOS versions prior to 16.6 iPadOS versions prior to 16.6 tvOS versions prior to 16.6 macOS Big Sur versions prior to 11.7.9 macOS Ventura versions prior to 13.5 watchOS versions prior to 9.6 **Description** An issue exists where an app may be able to modify sensitive kernel state due to a buffer overflow in memory. This allows for unauthorized access to sensitive information and full control of the device, impacting the confidentiality, integrity, and availability of protected data. Technical exploitation involves writing data, destination addresses, and data hashes into undocumented, unused hardware registers (MMIO registers) within Apple SoCs to bypass kernel memory hardware protection. This issue has been actively exploited against versions of iOS released before iOS 15.7.1. **Recommendations** Update macOS Monterey to version 12.6.8. Update iOS to version 15.7.8 or 16.6. Update iPadOS to version 15.7.8 or 16.6. Update tvOS to version 16.6. Update macOS Big Sur to version 11.7.9. Update macOS Ventura to version 13.5. Update watchOS to version 9.6.

**Apple Products** watchOS versions prior to 9.5.2 macOS Big Sur versions prior to 11.7.8 iOS versions prior to 15.7.7 iPadOS versions prior to 15.7.7 macOS Monterey versions prior to 12.6.7 watchOS versions prior to 8.8.1 iOS versions prior to 16.5.1 iPadOS versions prior to 16.5.1 macOS Ventura versions prior to 13.4.1 **Description** An integer overflow issue exists in Apple products, addressed through improved input validation. This flaw could allow an application to execute arbitrary code with kernel privileges. Reports indicate that this issue was potentially exploited in the wild against iOS versions released before iOS 15.7. The vulnerability is related to an integer overflow in `mach make memory entry` and `vm copy`. Exploitation involves a chain of events, starting with an invisible iMessage attachment that triggers a series of exploits to open a malicious URL containing obfuscated JavaScript and an encrypted payload. The JavaScript validator and binary validator are used to determine if the target device is a research environment. The vulnerability can be leveraged for full kernel read/write access, potentially enabling a deterministic exploit strategy. The `offset` and `size` are input variables that allow attackers to bypass restrictions and map memory outside the parent memory object. The Operation Triangulation campaign utilized this vulnerability, along with other techniques, to compromise devices and collect sensitive information, including microphone recordings, iCloud keychains, SQLite database data, and location data. **Recommendations** Update to watchOS 9.5.2. Update to macOS Big Sur 11.7.8. Update to iOS 15.7.7. Update to iPadOS 15.7.7. Update to macOS Monterey 12.6.7. Update to watchOS 8.8.1. Update to iOS 16.5.1. Update to iPadOS 16.5.1. Update to macOS Ventura 13.4.1.

**Name of the Vulnerable Software and Affected Versions** WebKitGTK versions prior to 2.40.4-0ubuntu0.22.04.1 Safari versions prior to 16.4 iOS versions prior to 16.4 and iPadOS versions prior to 16.4 iOS versions prior to 15.7.7 and iPadOS versions prior to 15.7.7 macOS Ventura versions prior to 13.3 **Description** This vulnerability is a memory corruption issue within WebKit, potentially allowing arbitrary code execution. The issue stems from improved state management and has been reported as actively exploited in the wild against iOS versions released before iOS 15.7. The vulnerability affects multiple Apple products, including Safari, iOS, and iPadOS, as well as WebKitGTK. The root cause involves a memory corruption issue within WASM due to allowing moving of not fitting offsets into instruction. **Recommendations** Update WebKitGTK to version 2.40.4-0ubuntu0.22.04.1 or later. Update Safari to version 16.4 or later. Update iOS to version 16.4 or later. Update iPadOS to version 16.4 or later. Update macOS Ventura to version 13.3 or later. Update iOS to version 15.7.7 or later. Update iPadOS to version 15.7.7 or later.

**Name of the Vulnerable Software and Affected Versions** Apple macOS versions prior to 13.2 Apple macOS versions prior to 12.6.8 Apple macOS versions prior to 11.7.9 Apple iOS versions prior to 16.3 Apple iOS versions prior to 15.7.8 Apple iPadOS versions prior to 16.3 Apple iPadOS versions prior to 15.7.8 Apple watchOS versions prior to 9.3 Apple tvOS versions prior to 16.3 **Description** The issue is related to the processing of font files, which may lead to arbitrary code execution. Apple is aware of a report that this issue may have been actively exploited against versions of iOS released before iOS 15.7.1. The vulnerability is associated with a buffer overflow in the FontParser component of Apple's operating systems. It is estimated that a large number of devices may be affected, but the exact number is not specified. The issue was addressed with improved handling of caches. **Recommendations** For macOS versions prior to 13.2, update to macOS Ventura 13.2 or later. For macOS versions prior to 12.6.8, update to macOS Monterey 12.6.8 or later. For macOS versions prior to 11.7.9, update to macOS Big Sur 11.7.9 or later. For iOS versions prior to 16.3, update to iOS 16.3 or later. For iOS versions prior to 15.7.8, update to iOS 15.7.8 or later. For iPadOS versions prior to 16.3, update to iPadOS 16.3 or later. For iPadOS versions prior to 15.7.8, update to iPadOS 15.7.8 or later. For watchOS versions prior to 9.3, update to watchOS 9.3 or later. For tvOS versions prior to 16.3, update to tvOS 16.3 or later.