Josh Parnham

**Name of the Vulnerable Software and Affected Versions** macOS Sequoia versions prior to 15.3 Safari versions prior to 18.3 **Description** A logging issue was addressed with improved data redaction. This issue may allow a malicious app to bypass browser extension authentication. The vulnerability is related to the Passwords component of the Safari browser in macOS operating systems, which can lead to information disclosure through log files. A remote attacker may exploit this issue to bypass security restrictions. **Recommendations** For macOS Sequoia versions prior to 15.3, update to macOS Sequoia 15.3 to resolve the issue. For Safari versions prior to 18.3, update to Safari 18.3 to resolve the issue. As a temporary workaround, consider restricting access to the Passwords component of the Safari browser until a patch is available.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Big Sur 11.4 Security Update 2021-003 Catalina versions prior to the fixed version **Description** An access issue was addressed with improved access restrictions, allowing a malicious application to potentially access a user's call history. **Recommendations** For macOS versions prior to Big Sur 11.4, update to macOS Big Sur 11.4 to resolve the issue. For Security Update 2021-003 Catalina, apply Security Update 2021-003 Catalina to fix the issue.

**Name of the Vulnerable Software and Affected Versions** macOS Big Sur version 11.0.1 and earlier iOS versions prior to 14.0 iPadOS versions prior to 14.0 **Description** A validation issue existed in the entitlement verification, which was addressed with improved validation of the process entitlement. This issue allowed a malicious application to determine a user's open tabs in Safari. **Recommendations** For macOS Big Sur versions prior to 11.0.1, update to version 11.0.1 or later. For iOS versions prior to 14.0, update to version 14.0 or later. For iPadOS versions prior to 14.0, update to version 14.0 or later.