Jason Geffner

**Name of the Vulnerable Software and Affected Versions** Backblaze for Windows versions prior to 7.0.1.433 Backblaze for macOS versions prior to 7.0.1.434 **Description** The issue arises from improper certificate validation in the `bztransmit` helper, caused by a hardcoded whitelist of strings in URLs where validation is disabled. This could lead to possible remote code execution via client update functionality. **Recommendations** For Backblaze for Windows versions prior to 7.0.1.433, update to version 7.0.1.433 or later. For Backblaze for macOS versions prior to 7.0.1.434, update to version 7.0.1.434 or later. As a temporary workaround, consider disabling the `bztransmit` helper until a patch is available.

**Name of the Vulnerable Software and Affected Versions** ESET Endpoint Antivirus for macOS versions prior to 6.4.168.0 ESET Endpoint Security for macOS versions prior to 6.4.168.0 **Description** The issue concerns the esets daemon service, which fails to properly verify X.509 certificates from the edf.eset.com SSL server. This allows man-in-the-middle attackers to spoof the server and provide crafted responses to license activation requests using a self-signed certificate. **Recommendations** For ESET Endpoint Antivirus for macOS versions prior to 6.4.168.0, update to version 6.4.168.0 or later. For ESET Endpoint Security for macOS versions prior to 6.4.168.0, update to version 6.4.168.0 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iTunes versions prior to 9.1 **Description** A race condition exists in the installation package of Apple iTunes on Windows, allowing local users to gain privileges. This can be achieved by replacing an unspecified file with a Trojan horse. **Recommendations** For Apple iTunes versions prior to 9.1, update to version 9.1 or later to resolve the issue.