Izobashi

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.9 iPadOS versions prior to 18.7.9 macOS Sequoia versions prior to 15.7.7 macOS Tahoe versions prior to 26.5 **Description** Processing a maliciously crafted file may lead to a denial-of-service (a condition where a system becomes unavailable to its intended users) or potentially disclose memory contents. **Recommendations** Update iOS to version 18.7.9. Update iPadOS to version 18.7.9. Update macOS Sequoia to version 15.7.7. Update macOS Tahoe to version 26.5.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 **Description** Processing a maliciously crafted image may corrupt process memory due to improper memory handling. **Recommendations** Update iOS to version 18.7.9 or 26.5. Update iPadOS to version 18.7.9 or 26.5. Update macOS Sequoia to version 15.7.7. Update macOS Tahoe to version 26.5. Update tvOS to version 26.5. Update visionOS to version 26.5.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.5 iPadOS versions prior to 18.7.5 macOS Sonoma versions prior to 14.8.4 macOS Tahoe versions prior to 26.3 visionOS versions prior to 26.3 **Description** An out-of-bounds write issue exists due to insufficient bounds checking when processing maliciously crafted USD files. This may result in unexpected application termination. **Recommendations** Update iOS to version 18.7.5. Update iPadOS to version 18.7.5. Update macOS Sonoma to version 14.8.4. Update macOS Tahoe to version 26.3. Update visionOS to version 26.3.

**Name of the Vulnerable Software and Affected Versions** NVIDIA Megatron-LM (affected versions not specified) **Description** The software contains a flaw in a script that could allow an attacker to inject code by providing malicious data. Exploitation of this issue may result in code execution, privilege escalation, information disclosure, or data tampering. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hugging Face Transformers megatron gpt2 (affected versions not specified) **Description** A flaw exists in the parsing of checkpoints within Hugging Face Transformers megatron gpt2, stemming from insufficient validation of user-supplied data. This can lead to the deserialization of untrusted data, potentially allowing an attacker to execute code in the context of the current process. User interaction is required, as the target must visit a malicious page or open a malicious file to trigger the issue. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Hugging Face Accelerate (affected versions not specified) **Description** A flaw exists in Hugging Face Accelerate that allows remote attackers to execute arbitrary code on affected systems. Exploitation requires user interaction, such as visiting a malicious page or opening a malicious file. The issue stems from insufficient validation of user-supplied data during the parsing of checkpoints, leading to the deserialization of untrusted data. An attacker can exploit this to execute code within the current process. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.2 iPadOS versions prior to 18.7.2 tvOS versions prior to 26.1 visionOS versions prior to 26.1 macOS versions prior to Sequoia 15.7.2 **Description** An out-of-bounds access issue exists due to insufficient bounds checking. Processing a maliciously crafted media file may result in application termination or memory corruption. **Recommendations** Update iOS to version 18.7.2. Update iPadOS to version 18.7.2. Update tvOS to version 26.1. Update visionOS to version 26.1. Update macOS to version Sequoia 15.7.2.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.2 iPadOS versions prior to 18.7.2 **Description** An issue involving out-of-bounds access exists due to insufficient bounds checking. Processing a specially crafted media file could result in application crashes or memory corruption. **Recommendations** Update to iOS version 18.7.2 or later. Update to iPadOS version 18.7.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.2 iPadOS versions prior to 18.7.2 **Description** An issue involving out-of-bounds access exists due to insufficient bounds checking. Processing a specially crafted media file could result in application crashes or memory corruption. **Recommendations** Update to iOS version 18.7.2 or later. Update to iPadOS version 18.7.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.2 iPadOS versions prior to 18.7.2 **Description** An issue involving out-of-bounds access exists due to insufficient bounds checking. Processing a specially crafted media file could result in application crashes or memory corruption. **Recommendations** Update to iOS version 18.7.2 or later. Update to iPadOS version 18.7.2 or later.

**Name of the Vulnerable Software and Affected Versions** visionOS versions prior to 2.6 tvOS versions prior to 18.6 macOS Sequoia versions prior to 15.6 iOS versions prior to 18.6 iPadOS versions prior to 18.6 **Description** An input validation issue with improved memory handling may lead to unexpected app termination when processing a maliciously crafted file. **Recommendations** Update visionOS to version 2.6. Update tvOS to version 18.6. Update macOS Sequoia to version 15.6. Update iOS to version 18.6. Update iPadOS to version 18.6.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.6 **Description** Processing a maliciously crafted image may result in disclosure of process memory. This issue was addressed with improved checks. **Recommendations** Update to macOS version 15.6.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.6 **Description** A memory corruption issue was addressed with improved validation. Processing a maliciously crafted file may lead to heap corruption. **Recommendations** Update to version 15.6.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.6 **Description** An out-of-bounds read issue was addressed through improved input validation. Processing a maliciously crafted USD file may lead to the disclosure of memory contents. **Recommendations** Update to macOS version 15.6.

**Name of the Vulnerable Software and Affected Versions** visionOS versions prior to 2.6 tvOS versions prior to 18.6 macOS Sequoia versions prior to 15.6 iOS versions prior to 18.6 iPadOS versions prior to 18.6 **Description** An out-of-bounds access issue exists due to insufficient bounds checking. Processing a maliciously crafted media file may lead to unexpected application termination or corruption of process memory. **Recommendations** Update visionOS to version 2.6. Update tvOS to version 18.6. Update macOS Sequoia to version 15.6. Update iOS to version 18.6. Update iPadOS to version 18.6.

**Name of the Vulnerable Software and Affected Versions** visionOS versions prior to 2.6 tvOS versions prior to 18.6 macOS Sequoia versions prior to 15.6 iOS versions prior to 18.6 iPadOS versions prior to 18.6 **Description** An out-of-bounds access issue was addressed with improved bounds checking. Processing a maliciously crafted media file may lead to unexpected app termination or corrupt process memory. **Recommendations** Update to visionOS 2.6 or later. Update to tvOS 18.6 or later. Update to macOS Sequoia 15.6 or later. Update to iOS 18.6 or later. Update to iPadOS 18.6 or later.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 11.5 macOS Sonoma versions prior to 14.7.6 tvOS versions prior to 18.5 iPadOS versions prior to 17.7.7 iOS versions prior to 18.5 iPadOS versions prior to 18.5 macOS Sequoia versions prior to 15.5 visionOS versions prior to 2.5 macOS Ventura versions prior to 13.7.6 **Description** The issue was addressed with improved memory handling. An attacker may be able to cause unexpected system termination or corrupt kernel memory. This flaw allows local attackers to escalate privileges and potentially execute arbitrary code with kernel-level access. **Recommendations** Update to watchOS 11.5 or later Update to macOS Sonoma 14.7.6 or later Update to tvOS 18.5 or later Update to iPadOS 17.7.7 or later Update to iOS 18.5 or later Update to iPadOS 18.5 or later Update to macOS Sequoia 15.5 or later Update to visionOS 2.5 or later Update to macOS Ventura 13.7.6 or later

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 11.5 macOS Sonoma versions prior to 14.7.6 tvOS versions prior to 18.5 iPadOS versions prior to 17.7.7 iOS versions prior to 18.5 iPadOS versions prior to 18.5 macOS Sequoia versions prior to 15.5 visionOS versions prior to 2.5 macOS Ventura versions prior to 13.7.6 **Description** A double free issue was addressed with improved memory management. This issue may allow a remote attacker to cause an unexpected app termination. **Recommendations** For watchOS versions prior to 11.5, update to watchOS 11.5. For macOS Sonoma versions prior to 14.7.6, update to macOS Sonoma 14.7.6. For tvOS versions prior to 18.5, update to tvOS 18.5. For iPadOS versions prior to 17.7.7, update to iPadOS 17.7.7. For iOS versions prior to 18.5, update to iOS 18.5. For iPadOS versions prior to 18.5, update to iPadOS 18.5. For macOS Sequoia versions prior to 15.5, update to macOS Sequoia 15.5. For visionOS versions prior to 2.5, update to visionOS 2.5. For macOS Ventura versions prior to 13.7.6, update to macOS Ventura 13.7.6.

**Name of the Vulnerable Software and Affected Versions** Bdrive NetDrive (affected versions not specified) **Description** The issue is related to an uncontrolled search path element, which can lead to local privilege escalation. This is a 0-day vulnerability, meaning it is being exploited before a fix is available. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 13.7.3 macOS versions prior to 14.7.3 macOS versions prior to 15.3 iOS versions prior to 18.3 iPadOS versions prior to 17.7.4 iPadOS versions prior to 18.3 watchOS versions prior to 11.3 tvOS versions prior to 18.3 visionOS versions prior to 2.3 **Description** An out-of-bounds read issue was addressed with improved bounds checking. Parsing a file may lead to disclosure of user information. The issue is related to a buffer overflow in the SceneKit component of macOS, iOS, iPadOS, watchOS, tvOS, and visionOS operating systems, which can allow an attacker to disclose protected information. **Recommendations** For macOS versions prior to 13.7.3, update to macOS Ventura 13.7.3 or later. For macOS versions prior to 14.7.3, update to macOS Sonoma 14.7.3 or later. For macOS versions prior to 15.3, update to macOS Sequoia 15.3 or later. For iOS versions prior to 18.3, update to iOS 18.3 or later. For iPadOS versions prior to 17.7.4, update to iPadOS 17.7.4 or later. For iPadOS versions prior to 18.3, update to iPadOS 18.3 or later. For watchOS versions prior to 11.3, update to watchOS 11.3 or later. For tvOS versions prior to 18.3, update to tvOS 18.3 or later. For visionOS versions prior to 2.3, update to visionOS 2.3 or later.