Joshua Jones

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 13.7.3 macOS versions prior to 14.7.3 macOS versions prior to 15.3 **Description** The issue is related to errors in using standard permissions in the iCloud Photo Library of macOS operating systems. Exploitation of the issue may allow a remote attacker to bypass security restrictions. An app may be able to bypass Privacy preferences. **Recommendations** For macOS versions prior to 13.7.3, update to macOS Ventura 13.7.3 to resolve the issue. For macOS versions prior to 14.7.3, update to macOS Sonoma 14.7.3 to resolve the issue. For macOS versions prior to 15.3, update to macOS Sequoia 15.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS Sequoia versions prior to 15.3 **Description** The issue was addressed through improved state management. It is related to errors in using standard permissions in the iCloud service for macOS, which could allow a remote attacker to execute arbitrary code. Files downloaded from the internet may not have the quarantine flag applied. **Recommendations** For versions prior to 15.3, update to macOS Sequoia 15.3 to resolve the issue. As a temporary workaround, consider applying the quarantine flag to files downloaded from the internet manually until the update is applied.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 14.6 macOS Monterey versions prior to 12.7.6 macOS Ventura versions prior to 13.6.8 **Description** An access issue was addressed with additional sandbox restrictions. The issue may cause third-party app extensions to not receive the correct sandbox restrictions. **Recommendations** For macOS versions prior to 14.6, update to macOS Sonoma 14.6. For macOS Monterey versions prior to 12.7.6, update to macOS Monterey 12.7.6. For macOS Ventura versions prior to 13.6.8, update to macOS Ventura 13.6.8.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 13.3 **Description** A privacy issue was addressed by moving sensitive data to a more secure location. This issue allowed an app to potentially access user-sensitive data. **Recommendations** For macOS versions prior to 13.3, update to macOS Ventura 13.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 13.3 macOS Big Sur versions prior to 11.7.5 macOS Monterey versions prior to 12.6.4 **Description** An access issue was addressed with additional sandbox restrictions. This issue may allow an app to access user-sensitive data. The problem is related to errors in security settings, which could allow an attacker to disclose protected information. **Recommendations** For macOS versions prior to 13.3, update to macOS Ventura 13.3 to resolve the issue. For macOS Big Sur versions prior to 11.7.5, update to macOS Big Sur 11.7.5 to resolve the issue. For macOS Monterey versions prior to 12.6.4, update to macOS Monterey 12.6.4 to resolve the issue. As a temporary workaround, consider restricting access to sensitive user data until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 15.6 iPadOS versions prior to 15.6 macOS Big Sur versions prior to 11.6.8 tvOS versions prior to 15.6 macOS Monterey versions prior to 12.5 macOS Catalina versions without Security Update 2022-005 **Description** An information disclosure issue was addressed by removing the vulnerable code. This issue allows an app to access sensitive user information. **Recommendations** For iOS versions prior to 15.6, update to iOS 15.6 or later. For iPadOS versions prior to 15.6, update to iPadOS 15.6 or later. For macOS Big Sur versions prior to 11.6.8, update to macOS Big Sur 11.6.8 or later. For tvOS versions prior to 15.6, update to tvOS 15.6 or later. For macOS Monterey versions prior to 12.5, update to macOS Monterey 12.5 or later. For macOS Catalina, apply Security Update 2022-005.