Natashenka

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 watchOS versions prior to 5.2.1 **Description** An input validation issue may lead to a denial of service when processing a maliciously crafted message. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 to resolve the issue. For watchOS versions prior to 5.2.1, update to watchOS 5.2.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 13.3 Apple iOS version 12.4.4 and earlier Apple iPadOS versions prior to 13.3 Apple macOS versions prior to 10.15.2 Apple macOS Mojave versions without Security Update 2019-002 Apple macOS High Sierra versions without Security Update 2019-007 Apple tvOS versions prior to 13.3 Apple watchOS versions prior to 6.1.1 Apple watchOS version 5.3.4 and earlier **Description** An out-of-bounds read issue was addressed with improved input validation. Processing malicious video via FaceTime may lead to arbitrary code execution. **Recommendations** For iOS versions prior to 13.3, update to iOS 13.3 or later. For iOS version 12.4.4 and earlier, update to iOS 12.4.4 or later if updating to iOS 13.3 or later is not feasible. For iPadOS versions prior to 13.3, update to iPadOS 13.3 or later. For macOS versions prior to 10.15.2, update to macOS 10.15.2 or later. For macOS Mojave, apply Security Update 2019-002. For macOS High Sierra, apply Security Update 2019-007. For tvOS versions prior to 13.3, update to tvOS 13.3 or later. For watchOS versions prior to 6.1.1, update to watchOS 6.1.1 or later. For watchOS version 5.3.4 and earlier, update to watchOS 5.3.4 or later if updating to watchOS 6.1.1 or later is not feasible.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.5 Security Update versions prior to 2019-003 High Sierra Security Update versions prior to 2019-003 Sierra iOS versions prior to 12.3 watchOS versions prior to 5.2.1 **Description** An input validation issue may allow a remote attacker to cause a system denial of service. **Recommendations** For macOS versions prior to 10.14.5, update to macOS Mojave 10.14.5. For Security Update versions prior to 2019-003 High Sierra, apply Security Update 2019-003 High Sierra. For Security Update versions prior to 2019-003 Sierra, apply Security Update 2019-003 Sierra. For iOS versions prior to 12.3, update to iOS 12.3. For watchOS versions prior to 5.2.1, update to watchOS 5.2.1.

Name of the Vulnerable Software and Affected Versions: Google Chrome versions prior to 84.0.4147.89 Description: The issue is related to an inappropriate implementation in WebRTC, which can lead to heap corruption via a crafted SCTP stream. This can potentially be exploited by an attacker in a privileged network position. The vulnerability is also related to a buffer overflow in the WebRTC implementation, which can allow a remote attacker to compromise data integrity. Recommendations: For Google Chrome versions prior to 84.0.4147.89, update to version 84.0.4147.89 or later to resolve the issue. As a temporary workaround, consider restricting access to WebRTC functionality until the update is applied.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 tvOS versions prior to 12.3 watchOS versions prior to 5.2.1 **Description** A use after free issue was addressed with improved memory management. A remote attacker may be able to cause arbitrary code execution. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 or later. For tvOS versions prior to 12.3, update to tvOS 12.3 or later. For watchOS versions prior to 5.2.1, update to watchOS 5.2.1 or later.

**Name of the Vulnerable Software and Affected Versions** macOS Catalina versions prior to 10.15 iOS versions prior to 13 iCloud for Windows versions prior to 7.14 and prior to 10.7 tvOS versions prior to 13 watchOS versions prior to 6 iTunes for Windows versions prior to 12.10.1 **Description** An out-of-bounds read issue was addressed with improved input validation, which may allow a remote attacker to cause unexpected application termination or arbitrary code execution. **Recommendations** For macOS Catalina versions prior to 10.15, update to macOS Catalina 10.15 or later. For iOS versions prior to 13, update to iOS 13 or later. For iCloud for Windows versions prior to 7.14 and prior to 10.7, update to iCloud for Windows 7.14 or iCloud for Windows 10.7 or later. For tvOS versions prior to 13, update to tvOS 13 or later. For watchOS versions prior to 6, update to watchOS 6 or later. For iTunes for Windows versions prior to 12.10.1, update to iTunes 12.10.1 for Windows or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 **Description** A remote attacker may be able to leak memory due to this issue. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For iOS versions prior to 12.4, update to iOS 12.4 or later. For macOS Mojave versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.6 **Description** A use after free issue was addressed with improved memory management. A remote attacker may be able to cause arbitrary code execution. **Recommendations** For macOS versions prior to 10.14.6, update to macOS Mojave 10.14.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** No specific software or versions are mentioned in the provided descriptions. **Description** An out-of-bounds read issue was addressed with improved input validation. The issue is related to remote iPhone exploitation via iMessage. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 watchOS versions prior to 5.2.1 **Description** An input validation issue may lead to a denial of service when processing a maliciously crafted message. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 to resolve the issue. For watchOS versions prior to 5.2.1, update to watchOS 5.2.1 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 12.1 Description: A memory corruption issue was addressed with improved input validation. Recommendations: For versions prior to 12.1, update to iOS 12.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 12.1 Description: A memory corruption issue was addressed with improved input validation. Recommendations: For versions prior to 12.1, update to iOS 12.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.1.3 macOS Mojave versions prior to 10.14.3 tvOS versions prior to 12.1.2 watchOS versions prior to 5.1.3 **Description** A buffer overflow issue was addressed with improved memory handling. A remote attacker may be able to initiate a FaceTime call causing arbitrary code execution. **Recommendations** For iOS versions prior to 12.1.3, update to iOS 12.1.3 or later. For macOS Mojave versions prior to 10.14.3, update to macOS Mojave 10.14.3 or later. For tvOS versions prior to 12.1.2, update to tvOS 12.1.2 or later. For watchOS versions prior to 5.1.3, update to watchOS 5.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4 Safari versions prior to 11.1.1 iCloud versions prior to 7.5 on Windows iTunes versions prior to 12.7.5 on Windows tvOS versions prior to 11.4 watchOS versions prior to 4.3.1 **Description** The issue involves the WebKit component and allows remote attackers to execute arbitrary code via a crafted web site. This is achieved by leveraging a getWasmBufferFromValue out-of-bounds read during WebAssembly compilation. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For Safari versions prior to 11.1.1, update to version 11.1.1 or later. For iCloud versions prior to 7.5 on Windows, update to version 7.5 or later. For iTunes versions prior to 12.7.5 on Windows, update to version 12.7.5 or later. For tvOS versions prior to 11.4, update to version 11.4 or later. For watchOS versions prior to 4.3.1, update to version 4.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 11.4 Apple Safari versions prior to 11.1.1 Apple iCloud versions prior to 7.5 on Windows Apple iTunes versions prior to 12.7.5 on Windows Apple tvOS versions prior to 11.4 **Description** The issue involves the WebKit component and allows remote attackers to obtain sensitive credential information transmitted during a CSS mask-image fetch. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For Safari versions prior to 11.1.1, update to version 11.1.1 or later. For iCloud versions prior to 7.5 on Windows, update to version 7.5 or later. For iTunes versions prior to 12.7.5 on Windows, update to version 12.7.5 or later. For tvOS versions prior to 11.4, update to version 11.4 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 11.4 Apple Safari versions prior to 11.1.1 Apple iCloud versions prior to 7.5 on Windows Apple iTunes versions prior to 12.7.5 on Windows Apple tvOS versions prior to 11.4 Apple watchOS versions prior to 4.3.1 **Description** The issue involves the WebKit component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site that triggers an @generatorState use-after-free. **Recommendations** For iOS versions prior to 11.4, update to version 11.4 or later. For Safari versions prior to 11.1.1, update to version 11.1.1 or later. For iCloud versions prior to 7.5 on Windows, update to version 7.5 or later. For iTunes versions prior to 12.7.5 on Windows, update to version 12.7.5 or later. For tvOS versions prior to 11.4, update to version 11.4 or later. For watchOS versions prior to 4.3.1, update to version 4.3.1 or later.

**Name of the Vulnerable Software and Affected Versions** Samsung Galaxy S6 versions prior to October 2015 MR **Description** The issue allows remote attackers to cause a denial of service, resulting in memory corruption and SIGSEGV, via a crafted image file. **Recommendations** For Samsung Galaxy S6 versions prior to October 2015 MR, apply the October 2015 MR patch to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung LibQjpeg version not specified **Description** The issue allows remote attackers to cause a denial of service and execute arbitrary code via a crafted JPG. This can result in a segmentation fault and process crash. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3 Safari versions prior to 10.1 tvOS versions prior to 10.2 **Description** The issue involves the WebKit component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. This is caused by a buffer overflow in memory. **Recommendations** For iOS versions prior to 10.3, update to version 10.3 or later. For Safari versions prior to 10.1, update to version 10.1 or later. For tvOS versions prior to 10.2, update to version 10.2 or later. As a temporary workaround, consider restricting access to the WebKit component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3 Safari versions prior to 10.1 tvOS versions prior to 10.2 **Description** The issue involves the `WebKit` component and allows remote attackers to execute arbitrary code via a crafted web site. It is related to the mishandling of strict mode functions and insufficient access control, which can be exploited to compromise information confidentiality. **Recommendations** For iOS versions prior to 10.3, update to version 10.3 or later. For Safari versions prior to 10.1, update to version 10.1 or later. For tvOS versions prior to 10.2, update to version 10.2 or later.