Jeff Johnson

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** A use-after-free vulnerability has been resolved in the Linux kernel, specifically in the ath12k module. The issue occurs during the removal of the ath12k module, where the `ath12k mac destroy()` function un-registers the `ah->hw` from mac80211 and frees the `ah->hw` as well as all the `ar`'s in it. Later, the `ath12k dp cc cleanup()` function tries to access one of the freed `ar`'s from a pending `skb`, leading to a use-after-free error. This is because the driver failed to flush a few data packets during the destruction of the mac, which were accessed later and freed. The vulnerability was introduced by a commit that added a change to decrement the pending packets count in case of recovery, but this change does not make sense during core deinit. **Recommendations** To fix this issue, avoid accessing `ar` from `skb->cb` when the driver is being unregistered. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18 iPadOS versions prior to 18 watchOS versions prior to 11 tvOS versions prior to 18 macOS Sequoia versions prior to 15 **Description** A logic issue was addressed with improved checks. A malicious app may be able to modify other apps without having App Management permission. **Recommendations** For iOS versions prior to 18, update to iOS 18 or later. For iPadOS versions prior to 18, update to iPadOS 18 or later. For watchOS versions prior to 11, update to watchOS 11 or later. For tvOS versions prior to 18, update to tvOS 18 or later. For macOS Sequoia versions prior to 15, update to macOS Sequoia 15 or later.

**Name of the Vulnerable Software and Affected Versions** tvOS versions prior to 17.5 iOS versions prior to 17.5 iPadOS versions prior to 17.5 visionOS versions prior to 1.2 Safari versions prior to 17.5 watchOS versions prior to 10.5 macOS Sonoma versions prior to 14.5 **Description** The issue is related to improved memory handling and may lead to arbitrary code execution when processing web content. A remote attacker may exploit this issue to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For tvOS versions prior to 17.5, update to tvOS 17.5. For iOS versions prior to 17.5, update to iOS 17.5. For iPadOS versions prior to 17.5, update to iPadOS 17.5. For visionOS versions prior to 1.2, update to visionOS 1.2. For Safari versions prior to 17.5, update to Safari 17.5. For watchOS versions prior to 10.5, update to watchOS 10.5. For macOS Sonoma versions prior to 14.5, update to macOS Sonoma 14.5.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to the wifi: ath11k: fix dfs radar event locking in the Linux kernel. The ath11k active pdevs are protected by RCU, but the DFS radar event handling code calling `ath11k mac get ar by pdev id()` was not marked as a read-side critical section. This could lead to potential use-after-free issues. The code in question has been marked as an RCU read-side critical section to avoid these issues. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 9.5 tvOS versions prior to 16.5 macOS Ventura versions prior to 13.4 macOS Big Sur versions prior to 11.7.7 macOS Monterey versions prior to 12.6.6 iOS versions prior to 16.5 iPadOS versions prior to 16.5 **Description** An authorization issue was addressed with improved state management. This issue may allow an app to retain access to system configuration files even after its permission is revoked, potentially allowing an attacker to access confidential information and preserve user data. **Recommendations** For watchOS versions prior to 9.5, update to watchOS 9.5 to resolve the issue. For tvOS versions prior to 16.5, update to tvOS 16.5 to resolve the issue. For macOS Ventura versions prior to 13.4, update to macOS Ventura 13.4 to resolve the issue. For macOS Big Sur versions prior to 11.7.7, update to macOS Big Sur 11.7.7 to resolve the issue. For macOS Monterey versions prior to 12.6.6, update to macOS Monterey 12.6.6 to resolve the issue. For iOS versions prior to 16.5, update to iOS 16.5 to resolve the issue. For iPadOS versions prior to 16.5, update to iPadOS 16.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 16 **Description** An issue existed with the file paths used to store website data, potentially allowing an unauthorized user to access browsing history. The issue was resolved by improving how website data is stored and by addressing the issue with improved handling of caches. **Recommendations** For iOS versions prior to 16, update to iOS 16 to resolve the issue. As a temporary workaround, consider restricting access to sensitive website data until the update is applied.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.1 Security Update versions prior to 2018-002 on High Sierra Security Update versions prior to 2018-005 on Sierra **Description** A malicious application may be able to access restricted files due to an issue that was addressed by removing additional entitlements. **Recommendations** For macOS versions prior to 10.14.1, update to macOS Mojave 10.14.1. For High Sierra, apply Security Update 2018-002. For Sierra, apply Security Update 2018-005.

**Name of the Vulnerable Software and Affected Versions** AFCTR Tool versions prior to 3.41 **Description** The issue is related to a memory allocation problem in the AFCTR Tool. The impact of this problem is unknown. **Recommendations** For versions prior to 3.41, update to version 3.41 or later to resolve the issue.