Mark Rogers

**Name of the Vulnerable Software and Affected Versions** Windows (affected versions not specified) **Description** The issue is related to insecure privilege management in the Win32k component of the Windows operating system. Exploitation of this issue may allow an attacker to elevate their privileges. It is an elevation-of-privilege vulnerability that allows attackers to affect the system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.12 **Description** The issue concerns the SecKeyDeriveFromPassword function, which does not use the CF RETAINS RETAINED keyword. This allows attackers to obtain sensitive information from process memory by triggering key derivation. **Recommendations** For versions prior to 10.12, update to Apple OS X version 10.12 or later to resolve the issue.