Lokihardt

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 tvOS versions prior to 12.4 watchOS versions prior to 5.3 Safari versions prior to 12.1.2 iTunes for Windows versions prior to 12.9.6 iCloud for Windows versions prior to 7.13 and 10.6 **Description** The issue is related to memory corruption and can be triggered by processing maliciously crafted web content, potentially leading to arbitrary code execution. It is associated with a buffer overflow in the WebKit display module. **Recommendations** For iOS versions prior to 12.4, update to iOS 12.4 or later. For macOS Mojave versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later. For tvOS versions prior to 12.4, update to tvOS 12.4 or later. For watchOS versions prior to 5.3, update to watchOS 5.3 or later. For Safari versions prior to 12.1.2, update to Safari 12.1.2 or later. For iTunes for Windows versions prior to 12.9.6, update to iTunes for Windows 12.9.6 or later. For iCloud for Windows versions prior to 7.13 and 10.6, update to iCloud for Windows 7.13 or 10.6 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 tvOS versions prior to 12.4 watchOS versions prior to 5.3 Safari versions prior to 12.1.2 iTunes for Windows versions prior to 12.9.6 iCloud for Windows versions prior to 7.13 and 10.6 **Description** The issue is related to memory corruption and can be exploited by processing maliciously crafted web content, potentially leading to arbitrary code execution. It is associated with a buffer overflow in the WebKit display module. A remote attacker can exploit this issue using a specially crafted web page. **Recommendations** For iOS versions prior to 12.4, update to iOS 12.4 or later. For macOS Mojave versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later. For tvOS versions prior to 12.4, update to tvOS 12.4 or later. For watchOS versions prior to 5.3, update to watchOS 5.3 or later. For Safari versions prior to 12.1.2, update to Safari 12.1.2 or later. For iTunes for Windows versions prior to 12.9.6, update to iTunes for Windows 12.9.6 or later. For iCloud for Windows versions prior to 7.13 and 10.6, update to iCloud for Windows 7.13 or 10.6 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 tvOS versions prior to 12.4 watchOS versions prior to 5.3 Safari versions prior to 12.1.2 iTunes for Windows versions prior to 12.9.6 iCloud for Windows versions prior to 7.13 and 10.6 **Description** The issue is related to memory corruption and can be exploited by processing maliciously crafted web content, potentially leading to arbitrary code execution. A vulnerability in the WebKit display module is associated with a buffer overflow in memory, which can be exploited by a remote attacker using a specially crafted web page. **Recommendations** For iOS versions prior to 12.4, update to iOS 12.4 or later. For macOS Mojave versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later. For tvOS versions prior to 12.4, update to tvOS 12.4 or later. For watchOS versions prior to 5.3, update to watchOS 5.3 or later. For Safari versions prior to 12.1.2, update to Safari 12.1.2 or later. For iTunes for Windows versions prior to 12.9.6, update to iTunes for Windows 12.9.6 or later. For iCloud for Windows versions prior to 7.13 and 10.6, update to iCloud for Windows 7.13 or 10.6 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.1.3 tvOS versions prior to 12.1.2 Safari versions prior to 12.0.3 iTunes for Windows versions prior to 12.9.3 iCloud for Windows versions prior to 7.10 **Description** A type confusion issue was addressed with improved memory handling. Processing maliciously crafted web content may lead to arbitrary code execution. The issue can be exploited by a remote attacker using a specially crafted website, potentially allowing them to execute arbitrary code. **Recommendations** For iOS versions prior to 12.1.3, update to iOS 12.1.3 or later. For tvOS versions prior to 12.1.2, update to tvOS 12.1.2 or later. For Safari versions prior to 12.0.3, update to Safari 12.0.3 or later. For iTunes for Windows versions prior to 12.9.3, update to iTunes 12.9.3 or later. For iCloud for Windows versions prior to 7.10, update to iCloud for Windows 7.10 or later.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 12.1.1 tvOS versions prior to 12.1.1 watchOS versions prior to 5.1.2 Safari versions prior to 12.0.2 iTunes for Windows versions prior to 12.9.2 iCloud for Windows versions prior to 7.9 Description: A logic issue resulted in memory corruption, which was addressed with improved state management. Recommendations: For iOS versions prior to 12.1.1, update to iOS 12.1.1 or later. For tvOS versions prior to 12.1.1, update to tvOS 12.1.1 or later. For watchOS versions prior to 5.1.2, update to watchOS 5.1.2 or later. For Safari versions prior to 12.0.2, update to Safari 12.0.2 or later. For iTunes for Windows versions prior to 12.9.2, update to iTunes 12.9.2 or later. For iCloud for Windows versions prior to 7.9, update to iCloud for Windows 7.9 or later.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 12.1.1 tvOS versions prior to 12.1.1 watchOS versions prior to 5.1.2 Safari versions prior to 12.0.2 iTunes versions prior to 12.9.2 for Windows iCloud for Windows versions prior to 7.9 Description: A memory corruption issue was addressed with improved memory handling. Recommendations: For iOS versions prior to 12.1.1, update to iOS 12.1.1 or later. For tvOS versions prior to 12.1.1, update to tvOS 12.1.1 or later. For watchOS versions prior to 5.1.2, update to watchOS 5.1.2 or later. For Safari versions prior to 12.0.2, update to Safari 12.0.2 or later. For iTunes versions prior to 12.9.2 for Windows, update to iTunes 12.9.2 or later for Windows. For iCloud for Windows versions prior to 7.9, update to iCloud for Windows 7.9 or later.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 12.1.1 tvOS versions prior to 12.1.1 watchOS versions prior to 5.1.2 Safari versions prior to 12.0.2 iTunes for Windows versions prior to 12.9.2 iCloud for Windows versions prior to 7.9 Description: A memory corruption issue was addressed with improved memory handling. Recommendations: For iOS versions prior to 12.1.1, update to iOS 12.1.1 or later. For tvOS versions prior to 12.1.1, update to tvOS 12.1.1 or later. For watchOS versions prior to 5.1.2, update to watchOS 5.1.2 or later. For Safari versions prior to 12.0.2, update to Safari 12.0.2 or later. For iTunes for Windows versions prior to 12.9.2, update to iTunes 12.9.2 or later. For iCloud for Windows versions prior to 7.9, update to iCloud for Windows 7.9 or later.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 12.1.1 tvOS versions prior to 12.1.1 watchOS versions prior to 5.1.2 Safari versions prior to 12.0.2 iTunes for Windows versions prior to 12.9.2 iCloud for Windows versions prior to 7.9 Description: A memory corruption issue was addressed with improved memory handling. Recommendations: For iOS versions prior to 12.1.1, update to iOS 12.1.1 or later. For tvOS versions prior to 12.1.1, update to tvOS 12.1.1 or later. For watchOS versions prior to 5.1.2, update to watchOS 5.1.2 or later. For Safari versions prior to 12.0.2, update to Safari 12.0.2 or later. For iTunes for Windows versions prior to 12.9.2, update to iTunes 12.9.2 or later. For iCloud for Windows versions prior to 7.9, update to iCloud for Windows 7.9 or later.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 12.1 tvOS versions prior to 12.1 watchOS versions prior to 5.1 Safari versions prior to 12.0.1 iTunes versions prior to 12.9.1 iCloud for Windows versions prior to 7.8 Description: The issue is related to multiple memory corruption problems that were addressed with improved memory handling. Recommendations: For iOS versions prior to 12.1, update to version 12.1 or later. For tvOS versions prior to 12.1, update to version 12.1 or later. For watchOS versions prior to 5.1, update to version 5.1 or later. For Safari versions prior to 12.0.1, update to version 12.0.1 or later. For iTunes versions prior to 12.9.1, update to version 12.9.1 or later. For iCloud for Windows versions prior to 7.8, update to version 7.8 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is caused by a buffer overflow in the ChakraCore JavaScript engine of Microsoft Edge, allowing a remote attacker to execute arbitrary code in the context of the current user by using a specially crafted web page. This could lead to memory corruption, enabling the attacker to gain the same user rights as the current user. If the current user has administrative rights, the attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.1 tvOS versions prior to 12.1 watchOS versions prior to 5.1 Safari versions prior to 12.0.1 iTunes versions prior to 12.9.1 iCloud for Windows versions prior to 7.8 **Description** Multiple memory corruption issues were addressed with improved memory handling. **Recommendations** For iOS versions prior to 12.1, update to iOS 12.1 or later. For tvOS versions prior to 12.1, update to tvOS 12.1 or later. For watchOS versions prior to 5.1, update to watchOS 5.1 or later. For Safari versions prior to 12.0.1, update to Safari 12.0.1 or later. For iTunes versions prior to 12.9.1, update to iTunes 12.9.1 or later. For iCloud for Windows versions prior to 7.8, update to iCloud for Windows 7.8 or later.

Name of the Vulnerable Software and Affected Versions: Microsoft Edge (affected versions not specified) Description: The issue is related to a remote code execution problem in the Chakra scripting engine of Microsoft Edge, caused by a buffer overflow in memory. This could allow an attacker to execute arbitrary code on a user's system by using a specially crafted web page. If successfully exploited, the attacker could gain the same user rights as the current user, potentially taking control of the affected system if the user has administrative rights. This could enable the attacker to install programs, view, change, or delete data, or create new accounts with full user rights. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** An elevation of privilege issue exists in Microsoft Edge, allowing an attacker to escape the AppContainer sandbox in the browser. This could enable an attacker to gain elevated privileges and break out of the Edge AppContainer sandbox. The issue by itself does not allow arbitrary code execution but could be used in conjunction with other vulnerabilities, such as remote code execution and another elevation of privilege vulnerability, to exploit elevated privileges. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Windows 7 Windows Server 2012 R2 Windows RT 8.1 Windows Server 2008 Windows Server 2012 Windows 8.1 Windows Server 2016 Windows Server 2008 R2 Windows 10 Windows 10 Servers **Description** The issue is related to an elevation of privilege, allowing a sandbox escape. This can be exploited by an attacker to gain elevated privileges. The vulnerability is associated with insufficient access restrictions in the isolated environment of the Windows operating system. **Recommendations** For Windows 7, apply the necessary patch to fix the elevation of privilege vulnerability. For Windows Server 2012 R2, apply the necessary patch to fix the elevation of privilege vulnerability. For Windows RT 8.1, apply the necessary patch to fix the elevation of privilege vulnerability. For Windows Server 2008, apply the necessary patch to fix the elevation of privilege vulnerability. For Windows Server 2012, apply the necessary patch to fix the elevation of privilege vulnerability. For Windows 8.1, apply the necessary patch to fix the elevation of privilege vulnerability. For Windows Server 2016, apply the necessary patch to fix the elevation of privilege vulnerability. For Windows Server 2008 R2, apply the necessary patch to fix the elevation of privilege vulnerability. For Windows 10, apply the necessary patch to fix the elevation of privilege vulnerability. For Windows 10 Servers, apply the necessary patch to fix the elevation of privilege vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is related to errors in handling objects in memory by the ChakraCore JavaScript engine. It could allow a remote attacker to execute arbitrary code in the context of the current user by using a specially crafted web page. Successful exploitation could grant the attacker the same user rights as the current user. If the current user has administrative rights, the attacker could take control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft browsers (affected versions not specified) **Description** A remote code execution issue exists in the way the scripting engine handles objects in memory. This could allow an attacker to corrupt memory and execute arbitrary code in the context of the current user, potentially gaining the same user rights as the current user. If the current user has administrative rights, an attacker could take control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** The issue is caused by a buffer overflow in the ChakraCore JavaScript engine of Microsoft Edge. This could allow a remote attacker to execute arbitrary code using specially crafted web page content. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge and Internet Explorer (affected versions not specified) **Description** The issue is caused by a buffer overflow in the ChakraCore JavaScript engine, allowing a remote attacker to execute arbitrary code with the help of a specially crafted web page. This could corrupt memory, enabling the attacker to gain the same user rights as the current user. If the current user has administrative rights, the attacker could take control of the affected system, install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft browsers (affected versions not specified) **Description** A remote code execution issue exists in the way the scripting engine handles objects in memory in Microsoft browsers. This could corrupt memory, allowing an attacker to execute arbitrary code in the context of the current user. If the current user has administrative rights, the attacker could gain control of the system, enabling them to install programs, view, change, or delete data, and create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge and Internet Explorer 11 (affected versions not specified) **Description** The issue is related to errors in the mechanisms for processing objects in memory in Microsoft browsers. Exploitation of this issue could allow a remote attacker to execute arbitrary code with the privileges of the current user by using specially crafted web page content. If the current user has administrative rights, a successful exploitation could allow the attacker to gain control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.