Jan Vojtesek

**Name of the Vulnerable Software and Affected Versions** Windows Storage Spaces Controller (affected versions not specified) **Description** An integer overflow or wraparound in the Windows Storage Spaces Controller allows an authorized attacker to elevate privileges locally.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 15.6 iPadOS versions prior to 15.6 watchOS versions prior to 8.7 tvOS versions prior to 15.6 macOS Monterey versions prior to 12.5 Safari versions prior to 15.6 **Description** An out-of-bounds write issue was addressed with improved input validation. Processing maliciously crafted web content may lead to arbitrary code execution. **Recommendations** For iOS versions prior to 15.6, update to iOS 15.6 or later. For iPadOS versions prior to 15.6, update to iPadOS 15.6 or later. For watchOS versions prior to 8.7, update to watchOS 8.7 or later. For tvOS versions prior to 15.6, update to tvOS 15.6 or later. For macOS Monterey versions prior to 12.5, update to macOS Monterey 12.5 or later. For Safari versions prior to 15.6, update to Safari 15.6 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 103.0.5060.114 **Description** A heap buffer overflow issue in WebRTC allows a remote attacker to potentially exploit heap corruption via a crafted HTML page. This issue affects web browsers that use WebRTC, including Google Chrome. The vulnerability may allow an attacker to execute arbitrary code. It has been reported that this issue is being exploited in the wild, with threats including the use of watering hole techniques and the Devilstongue threat in various geographic locations such as Lebanon, Yemen, Turkey, and Palestine. **Recommendations** For Google Chrome versions prior to 103.0.5060.114, update the browser to version 103.0.5060.114 or later to patch the vulnerability. As a temporary workaround, consider disabling WebRTC functionality until a patch is available. Restrict access to potentially vulnerable web pages to minimize the risk of exploitation. Avoid using crafted HTML pages that could trigger the heap buffer overflow issue until the browser is updated.