Liu Long

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.4 macOS Big Sur versions prior to 11.6.6 macOS Catalina versions prior to Security Update 2022-004 **Description** An out-of-bounds read issue was addressed with improved input validation. A malicious application may be able to execute arbitrary code with kernel privileges. **Recommendations** For macOS versions prior to 12.4, update to macOS Monterey 12.4 or later. For macOS Big Sur versions prior to 11.6.6, update to macOS Big Sur 11.6.6 or later. For macOS Catalina versions prior to Security Update 2022-004, apply Security Update 2022-004.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Monterey 12.4 macOS versions prior to Big Sur 11.6.6 macOS Catalina versions prior to Security Update 2022-004 **Description** An out-of-bounds write issue was addressed with improved bounds checking. A malicious application may be able to execute arbitrary code with kernel privileges. **Recommendations** For macOS Catalina, apply Security Update 2022-004 to resolve the issue. For macOS Big Sur, update to version 11.6.6 or later to resolve the issue. For macOS Monterey, update to version 12.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.1 macOS Big Sur versions prior to 11.6.2 Security Update versions prior to 2021-008 Catalina **Description** A buffer overflow issue was addressed with improved bounds checking, which may allow an application to execute arbitrary code with kernel privileges. **Recommendations** For macOS versions prior to 12.1, update to macOS Monterey 12.1 or later. For macOS Big Sur versions prior to 11.6.2, update to macOS Big Sur 11.6.2 or later. For Security Update versions prior to 2021-008 Catalina, apply Security Update 2021-008 Catalina or later.

**Name of the Vulnerable Software and Affected Versions** macOS Big Sur versions prior to 11.5 Security Update versions prior to 2021-004 Catalina Security Update versions prior to 2021-005 Mojave **Description** The issue involves an out-of-bounds write that has been addressed through improved input validation. This allows an application to potentially execute arbitrary code with kernel privileges. **Recommendations** For macOS Big Sur versions prior to 11.5, update to macOS Big Sur 11.5. For Security Update versions prior to 2021-004 Catalina, apply Security Update 2021-004 Catalina. For Security Update versions prior to 2021-005 Mojave, apply Security Update 2021-005 Mojave.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.5 Security Update versions prior to 2021-004 on Catalina Security Update versions prior to 2021-005 on Mojave **Description** The issue allows an application to potentially cause unexpected system termination or write kernel memory due to an out-of-bounds write privilege escalation. This could be exploited through the `process token BindQueryStoreRegisterToMemoryList` function. **Recommendations** For macOS versions prior to 11.5, update to macOS Big Sur 11.5. For Catalina, apply Security Update 2021-004. For Mojave, apply Security Update 2021-005.

**Name of the Vulnerable Software and Affected Versions** macOS Big Sur versions prior to 11.5 Security Update versions prior to 2021-004 Catalina Security Update versions prior to 2021-005 Mojave **Description** An out-of-bounds write issue was addressed with improved input validation, which may allow an application to execute arbitrary code with kernel privileges. **Recommendations** For macOS Big Sur versions prior to 11.5, update to macOS Big Sur 11.5. For Security Update versions prior to 2021-004 Catalina, apply Security Update 2021-004 Catalina. For Security Update versions prior to 2021-005 Mojave, apply Security Update 2021-005 Mojave.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Big Sur 11.4 Security Update versions prior to 2021-003 Catalina Security Update versions prior to 2021-004 Mojave **Description** An out-of-bounds write issue was addressed with improved bounds checking. A malicious application may be able to execute arbitrary code with kernel privileges. **Recommendations** For macOS versions prior to Big Sur 11.4, update to macOS Big Sur 11.4 or later. For Security Update versions prior to 2021-003 Catalina, apply Security Update 2021-003 Catalina or later. For Security Update versions prior to 2021-004 Mojave, apply Security Update 2021-004 Mojave or later.

**Name of the Vulnerable Software and Affected Versions** macOS Big Sur versions prior to 11.4 macOS Catalina versions prior to Security Update 2021-003 **Description** A logic issue was addressed with improved state management, which could allow a remote attacker to cause an unexpected application termination or arbitrary code execution. **Recommendations** For macOS Big Sur versions prior to 11.4, update to macOS Big Sur 11.4 or later. For macOS Catalina versions prior to Security Update 2021-003, apply Security Update 2021-003 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.1 Security Update versions prior to 2020-001 on Catalina Security Update versions prior to 2020-007 on Mojave **Description** A memory corruption issue was addressed with improved input validation, allowing an application to potentially execute arbitrary code with kernel privileges. The issue is related to an Out-Of-Bounds Write Privilege Escalation Vulnerability in the Apple macOS process token AVCDecode. **Recommendations** For macOS versions prior to 11.1, update to macOS Big Sur 11.1 or later. For Catalina, apply Security Update 2020-001 or later. For Mojave, apply Security Update 2020-007 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.1 Security Update 2020-001 Catalina (affected versions not specified) Security Update 2020-007 Mojave (affected versions not specified) **Description** An out-of-bounds write issue was addressed with improved bounds checking, which may allow a malicious application to execute arbitrary code with system privileges. **Recommendations** For macOS versions prior to 11.1, update to macOS Big Sur 11.1 to resolve the issue. For Security Update 2020-001 Catalina, apply the security update to fix the issue. For Security Update 2020-007 Mojave, apply the security update to fix the issue.

**Name of the Vulnerable Software and Affected Versions** macOS Big Sur versions 11.0 through 11.0.1 macOS Big Sur version 11.1 Security Update 2020-001 Catalina Security Update 2020-007 Mojave **Description** A memory corruption issue was addressed with improved memory handling, allowing an application to potentially execute arbitrary code with kernel privileges. **Recommendations** For macOS Big Sur versions 11.0 through 11.0.1, update to macOS Big Sur 11.1 or later. For macOS Big Sur version 11.1, no further action is required as the issue is already fixed. For Security Update 2020-001 Catalina, apply the security update to resolve the issue. For Security Update 2020-007 Mojave, apply the security update to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.0.1 watchOS versions prior to 7.1 iOS versions prior to 14.2 iPadOS versions prior to 14.2 iCloud for Windows versions prior to 11.5 Safari versions prior to 14.0.1 tvOS versions prior to 14.2 iTunes for Windows versions prior to 12.11 **Description** The issue is related to a use after free problem, which can be exploited by processing maliciously crafted web content, potentially leading to arbitrary code execution. **Recommendations** For macOS versions prior to 11.0.1, update to macOS Big Sur 11.0.1 or later. For watchOS versions prior to 7.1, update to watchOS 7.1 or later. For iOS versions prior to 14.2, update to iOS 14.2 or later. For iPadOS versions prior to 14.2, update to iPadOS 14.2 or later. For iCloud for Windows versions prior to 11.5, update to iCloud for Windows 11.5 or later. For Safari versions prior to 14.0.1, update to Safari 14.0.1 or later. For tvOS versions prior to 14.2, update to tvOS 14.2 or later. For iTunes for Windows versions prior to 12.11, update to iTunes 12.11 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.3 Security Update versions prior to 2019-001 for High Sierra and Sierra **Description** A memory consumption issue was addressed with improved memory handling, which could allow a malicious application to execute arbitrary code with system privileges. **Recommendations** For macOS versions prior to 10.14.3, update to macOS Mojave 10.14.3 or later to resolve the issue. For High Sierra, apply Security Update 2019-001 or later. For Sierra, apply Security Update 2019-001 or later.

Name of the Vulnerable Software and Affected Versions: Windows Text Service Module (affected versions not specified) Description: A remote code execution issue exists due to improper memory handling by the Windows Text Service Module, allowing an attacker to gain execution on a victim system. This could be exploited through specially crafted websites viewed by Microsoft Edge (Chromium-based), or through compromised websites hosting user-provided content. An attacker would need to convince users to view the attacker-controlled content, typically through enticement. The issue is related to a buffer overflow in memory. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 12.3 Apple macOS Mojave versions prior to 10.14.5 Apple tvOS versions prior to 12.3 Apple Safari versions prior to 12.1.1 Apple iTunes for Windows versions prior to 12.9.5 Apple iCloud for Windows versions prior to 7.12 **Description** The issue arises from multiple memory corruption problems that have been addressed with improved memory handling. Processing maliciously crafted web content may lead to arbitrary code execution. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 or later. For macOS Mojave versions prior to 10.14.5, update to macOS Mojave 10.14.5 or later. For tvOS versions prior to 12.3, update to tvOS 12.3 or later. For Safari versions prior to 12.1.1, update to Safari 12.1.1 or later. For iTunes for Windows versions prior to 12.9.5, update to iTunes for Windows 12.9.5 or later. For iCloud for Windows versions prior to 7.12, update to iCloud for Windows 7.12 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** An information disclosure issue exists due to Microsoft Edge's improper handling of objects in memory. This could allow an attacker to obtain information that could be used to further compromise the user's system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is caused by a buffer overflow in memory due to improper handling of JavaScript scripts by the ChakraCore engine and Microsoft Edge browser. This could allow a remote attacker to execute arbitrary code using specially crafted web page content. The vulnerability can corrupt memory, enabling an attacker to execute code in the context of the current user. If the user has administrative rights, the attacker could gain control of the affected system, allowing them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is related to the validation of strings in specific scenarios, potentially allowing an attacker to read sensitive data from memory. This could facilitate bypassing Address Space Layout Randomization (ASLR). While it does not enable arbitrary code execution on its own, it could be used in combination with another vulnerability, such as a remote code execution vulnerability, to achieve arbitrary code execution on a target system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Internet Explorer versions 6 through 8 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service due to memory corruption via a crafted web site. This is caused by improper access to objects in memory, which could corrupt memory and allow an attacker to execute arbitrary code in the context of the current user. **Recommendations** For Microsoft Internet Explorer versions 6 through 8, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Internet Explorer (affected versions not specified) **Description** The issue is related to incorrect access to objects in memory, which can cause a memory error and allow an attacker to execute arbitrary code in the context of the current user. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.