Ianbeer

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.1.3 macOS Mojave versions prior to 10.14.3 tvOS versions prior to 12.1.2 **Description** A memory corruption issue was addressed with improved input validation. A malicious application may be able to execute arbitrary code with kernel privileges. **Recommendations** For iOS versions prior to 12.1.3, update to iOS 12.1.3 or later. For macOS Mojave versions prior to 10.14.3, update to macOS Mojave 10.14.3 or later. For tvOS versions prior to 12.1.2, update to tvOS 12.1.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.1.3 macOS Mojave versions prior to 10.14.3 tvOS versions prior to 12.1.2 watchOS versions prior to 5.1.3 **Description** A type confusion issue was addressed with improved memory handling. A malicious application may be able to break out of its sandbox. **Recommendations** For iOS versions prior to 12.1.3, update to iOS 12.1.3 or later. For macOS Mojave versions prior to 10.14.3, update to macOS Mojave 10.14.3 or later. For tvOS versions prior to 12.1.2, update to tvOS 12.1.2 or later. For watchOS versions prior to 5.1.3, update to watchOS 5.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4 macOS versions prior to 10.13.5 tvOS versions prior to 11.4 watchOS versions prior to 4.3.1 **Description** The issue involves a buffer overflow in the `getvolattrlist` function of the Kernel component, allowing attackers to execute arbitrary code in a privileged context via a crafted app. This can be exploited by a remote attacker using a specially created application. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For macOS versions prior to 10.13.5, update to version 10.13.5 or later. For tvOS versions prior to 11.4, update to version 11.4 or later. For watchOS versions prior to 4.3.1, update to version 4.3.1 or later.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 66.0.3359.117 Description: The issue is related to insufficiently sanitized distributed objects in the Updater component of Google Chrome on macOS, allowing a local attacker to execute arbitrary code via an executable file. Recommendations: For versions prior to 66.0.3359.117, update to version 66.0.3359.117 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.3 **Description** The issue involves the `Touch Bar Support` component, allowing attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. **Recommendations** For macOS versions prior to 10.13.3, update to version 10.13.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.2 macOS versions prior to 10.13.2 tvOS versions prior to 11.2 watchOS versions prior to 4.2 **Description** The issue involves the Kernel component and allows attackers to bypass intended memory-read restrictions via a crafted app. **Recommendations** For iOS versions prior to 11.2, update to version 11.2 or later. For macOS versions prior to 10.13.2, update to version 10.13.2 or later. For tvOS versions prior to 11.2, update to version 11.2 or later. For watchOS versions prior to 4.2, update to version 4.2 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.2 **Description** The issue involves the `Intel Graphics Driver` component and allows local users to bypass intended memory-read restrictions or cause a denial of service, resulting in an out-of-bounds read and system crash. **Recommendations** For macOS versions prior to 10.13.2, update to version 10.13.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.2 macOS versions prior to 10.13.2 **Description** The issue involves the `IOKit` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. **Recommendations** For iOS versions prior to 11.2, update to version 11.2 or later. For macOS versions prior to 10.13.2, update to version 10.13.2 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.5 **Description** The issue involves the `Accessibility Framework` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This is caused by a buffer overflow in memory, which can be exploited by a remote attacker to achieve the aforementioned effects. **Recommendations** For macOS versions prior to 10.12.5, update to version 10.12.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `Accessibility Framework` component until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3 macOS versions prior to 10.12.4 tvOS versions prior to 10.2 watchOS versions prior to 3.2 **Description** The issue involves the Kernel component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This is due to a buffer overflow in the Kernel component of the operating systems, which can be exploited by a remote attacker to execute arbitrary code or cause a denial of service. **Recommendations** For iOS versions prior to 10.3, update to version 10.3 or later. For macOS versions prior to 10.12.4, update to version 10.12.4 or later. For tvOS versions prior to 10.2, update to version 10.2 or later. For watchOS versions prior to 3.2, update to version 3.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3 macOS versions prior to 10.12.4 tvOS versions prior to 10.2 watchOS versions prior to 3.2 **Description** The issue is caused by a buffer overflow in the Kernel component of the operating systems, which can be exploited by a remote attacker to execute arbitrary code in a privileged context using a specially crafted app. **Recommendations** For iOS versions prior to 10.3, update to version 10.3 or later. For macOS versions prior to 10.12.4, update to version 10.12.4 or later. For tvOS versions prior to 10.2, update to version 10.2 or later. For watchOS versions prior to 3.2, update to version 3.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3 macOS versions prior to 10.12.4 tvOS versions prior to 10.2 watchOS versions prior to 3.2 **Description** The issue is caused by a buffer overflow in memory, allowing a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) using a specially crafted app. The issue involves the Kernel component. **Recommendations** For iOS versions prior to 10.3, update to version 10.3 or later to resolve the issue. For macOS versions prior to 10.12.4, update to version 10.12.4 or later to resolve the issue. For tvOS versions prior to 10.2, update to version 10.2 or later to resolve the issue. For watchOS versions prior to 3.2, update to version 3.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3 macOS versions prior to 10.12.4 tvOS versions prior to 10.2 watchOS versions prior to 3.2 **Description** The issue involves the `Kernel` component and is caused by a buffer overflow. This allows attackers to execute arbitrary code in a privileged context via a crafted app. The exploitation of this issue may permit a remote attacker to execute arbitrary code in a privileged context using a specially crafted application. **Recommendations** For iOS versions prior to 10.3, update to version 10.3 or later. For macOS versions prior to 10.12.4, update to version 10.12.4 or later. For tvOS versions prior to 10.2, update to version 10.2 or later. For watchOS versions prior to 3.2, update to version 3.2 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.4 **Description** The issue is caused by a buffer overflow in the Intel Graphics Driver component of the operating system, allowing a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) using a specially crafted application. **Recommendations** For macOS versions prior to 10.12.4, update to version 10.12.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3 macOS versions prior to 10.12.4 tvOS versions prior to 10.2 watchOS versions prior to 3.2 **Description** The issue involves the `Kernel` component and is related to an off-by-one error or integer overflow, allowing attackers to execute arbitrary code in a privileged context via a crafted app. This can be exploited by a remote attacker to gain privileged access. **Recommendations** For iOS versions prior to 10.3, update to version 10.3 or later. For macOS versions prior to 10.12.4, update to version 10.12.4 or later. For tvOS versions prior to 10.2, update to version 10.2 or later. For watchOS versions prior to 3.2, update to version 3.2 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.2 **Description** The issue is related to the Directory Services component and involves the use of memory after it has been freed. This can be exploited by a local attacker to gain privileges or cause a denial of service. The exploitation is possible via unspecified vectors. **Recommendations** For macOS versions prior to 10.12.2, update to version 10.12.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.2 macOS versions prior to 10.12.2 **Description** The issue involves the Power Management component and is related to insufficient access control. It allows local users to gain privileges via vectors related to Mach port name references. **Recommendations** For iOS versions prior to 10.2, update to version 10.2 or later. For macOS versions prior to 10.12.2, update to version 10.12.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.2 macOS versions prior to 10.12.2 watchOS versions prior to 3.1.3 **Description** The issue involves the `syslog` component and allows local users to gain privileges via unspecified vectors related to Mach port name references. It is related to insufficient access control in the `syslog` component of Mac OS X and iOS operating systems. **Recommendations** For iOS versions prior to 10.2, update to version 10.2 or later. For macOS versions prior to 10.12.2, update to version 10.12.2 or later. For watchOS versions prior to 3.1.3, update to version 3.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.2 macOS versions prior to 10.12.2 watchOS versions prior to 3.1.3 **Description** The issue involves the `Kernel` component and allows local users to gain privileges or cause a denial of service (memory corruption) via unspecified vectors. It is caused by a buffer overflow in memory, which can be exploited by a local attacker to elevate privileges or cause a denial of service. **Recommendations** For iOS versions prior to 10.2, update to version 10.2 or later. For macOS versions prior to 10.12.2, update to version 10.12.2 or later. For watchOS versions prior to 3.1.3, update to version 3.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.3 **Description** The issue involves the `Bluetooth` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (use-after-free) via a crafted app. **Recommendations** For versions prior to 10.12.3, update to version 10.12.3 or later to resolve the issue.