Patrick Wardle

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.7.6 macOS versions prior to 13.6.8 macOS versions prior to 14.6 **Description** A type confusion issue was addressed with improved checks, which may allow an attacker to cause unexpected app termination. **Recommendations** For macOS versions prior to 12.7.6, update to macOS Monterey 12.7.6. For macOS versions prior to 13.6.8, update to macOS Ventura 13.6.8. For macOS versions prior to 14.6, update to macOS Sonoma 14.6.

**Name of the Vulnerable Software and Affected Versions** Zoom Client for Meetings versions prior to 5.11.3 **Description** The issue is related to incorrect cryptographic signature validation in the update process of the Zoom Client for Meetings for macOS. This could allow a local low-privileged user to exploit the vulnerability and escalate their privileges to root. **Recommendations** For versions prior to 5.11.3, update to version 5.11.3 or later to resolve the issue. As a temporary workaround, consider restricting the update process until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** Zoom Client for Meetings for macOS versions 5.7.3 through 5.11.5 **Description** The issue is related to a vulnerability in the auto update process, specifically due to incorrect cryptographic signature verification. This could allow a local low-privileged user to escalate their privileges to root. **Recommendations** For versions 5.7.3 through 5.11.5, update to a version after 5.11.5 to resolve the issue. As a temporary workaround, consider disabling the auto-update feature until a patch is available. Restrict access to the auto-update process to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Zoom Client for Meetings for MacOS versions prior to 5.9.6 **Description** The issue arises from the failure to properly check the package version during the update process. This could allow a malicious actor to update a user's currently installed version to a less secure version. **Recommendations** For versions prior to 5.9.6, update to version 5.9.6 or later to resolve the issue. As a temporary workaround, consider disabling automatic updates until a patch is applied. Restrict access to the update mechanism to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15.6 **Description** A memory corruption issue was addressed with improved memory handling. A remote attacker may cause an unexpected application termination. **Recommendations** For versions prior to 10.15.6, update to macOS Catalina 10.15.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zoom Client for Meetings versions 4.6.8 and earlier **Description** The issue allows a local process to obtain unprompted microphone and camera access by loading a crafted library, thereby inheriting the Zoom Client's access. This is possible due to the disable-library-validation entitlement. **Recommendations** For Zoom Client for Meetings versions 4.6.8 and earlier, consider updating to a version that does not have the disable-library-validation entitlement to prevent local processes from obtaining unprompted microphone and camera access. As a temporary workaround, consider restricting access to the microphone and camera for the Zoom Client to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15.4 **Description** A logic issue was addressed with improved restrictions. A maliciously crafted application may be able to bypass code signing enforcement. **Recommendations** For versions prior to 10.15.4, update to macOS Catalina 10.15.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Zoom Client for Meetings versions 4.6.8 and earlier **Description** The issue allows a local process to obtain root access by replacing `runwithroot` after it is copied to a user-writable temporary directory during installation. This can be exploited by a local process with the user's privileges. **Recommendations** For Zoom Client for Meetings versions 4.6.8 and earlier, consider updating to a version that contains a fix for this issue, as the current version allows for potential privilege escalation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 11.4.1 watchOS versions prior to 4.3.2 **Description** A denial of service issue was addressed with improved memory handling. **Recommendations** For iOS versions prior to 11.4.1, update to iOS 11.4.1 or later. For watchOS versions prior to 4.3.2, update to watchOS 4.3.2 or later.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 12 macOS versions prior to 10.14 tvOS versions prior to 12 watchOS versions prior to 5 Description: This issue was addressed with improved checks. Recommendations: For iOS versions prior to 12, update to iOS 12 or later. For macOS versions prior to 10.14, update to macOS 10.14 or later. For tvOS versions prior to 12, update to tvOS 12 or later. For watchOS versions prior to 5, update to watchOS 5 or later.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.14.1 Description: This issue was addressed by removing additional entitlements. Recommendations: For versions prior to 10.14.1, update to macOS Mojave 10.14.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.13 Description: The issue involves the "Installer" component and its failure to properly restrict an app's entitlements for accessing the FileVault unlock key. Recommendations: For macOS versions prior to 10.13, update to version 10.13 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.1 **Description** The issue involves the `Security` component and allows attackers to execute arbitrary code in a privileged context via a crafted app. **Recommendations** For macOS versions prior to 10.13.1, update to version 10.13.1 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.13 Supplemental Update Description: The issue involves the `Security` component and is related to inadequate access control. It allows attackers to bypass the keychain access prompt and extract passwords via a synthetic click. Recommendations: For macOS versions prior to 10.13 Supplemental Update, update to macOS 10.13 Supplemental Update or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.2 macOS versions prior to 10.12.5 tvOS versions prior to 10.2.1 watchOS versions prior to 3.2.2 **Description** The issue involves the Kernel component and allows attackers to bypass intended memory-read restrictions via a crafted app. **Recommendations** For iOS versions prior to 10.3.2, update to version 10.3.2 or later. For macOS versions prior to 10.12.5, update to version 10.12.5 or later. For tvOS versions prior to 10.2.1, update to version 10.2.1 or later. For watchOS versions prior to 3.2.2, update to version 3.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.4 **Description** The issue involves the `sudo` component and allows remote authenticated users to gain privileges by leveraging membership in the admin group on a network directory server. It is related to incorrect permission handling. **Recommendations** For macOS versions prior to 10.12.4, update to version 10.12.4 or later to resolve the issue. As a temporary workaround, consider restricting membership in the admin group on the network directory server to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.4 **Description** The issue involves the system-installation subsystem of the "System Integrity Protection" component, allowing attackers to modify the contents of a protected disk location via a crafted app. **Recommendations** For macOS versions prior to 10.12.4, update to version 10.12.4 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Little Snitch versions 3.0 through 3.6.1 **Description** The issue is related to a buffer overflow that could be locally exploited, potentially leading to an escalation of privileges and unauthorized access to the operating system. This buffer overflow is due to insufficient checking of parameters to the `OSMalloc` and `copyin` kernel API calls. **Recommendations** For Little Snitch versions 3.0 through 3.6.1, consider restricting access to the `OSMalloc` and `copyin` kernel API calls as a temporary mitigation measure until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.1 **Description** The issue is related to an untrusted search path vulnerability. It allows a local attacker to bypass Gatekeeper restrictions and gain privileges by loading a Trojan horse program from an unexpected directory. This can be done via an application that has a valid Apple digital signature. **Recommendations** For Apple OS X versions prior to 10.11.1, update to version 10.11.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.10.4 **Description** The issue is related to the code-signing implementation, which does not properly consider external libraries to an application bundle. This allows attackers to bypass intended launch restrictions by using a crafted library. **Recommendations** For Apple OS X versions prior to 10.10.4, update to version 10.10.4 or later to resolve the issue.