Rahul D Kankrale

**Name of the Vulnerable Software and Affected Versions** SemWifiApBroadcastReceiver versions prior to SMR Aug-2022 Release 1 **Description** The issue is related to improper access control in SemWifiApBroadcastReceiver, allowing an attacker to reset a setting value related to mobile hotspot. **Recommendations** For versions prior to SMR Aug-2022 Release 1, update to SMR Aug-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** AR Emoji versions prior to SMR Jun-2022 Release 1 **Description** The issue is related to an improper caller check in AR Emoji, which allows untrusted applications to use some camera functions via deeplink. **Recommendations** For AR Emoji versions prior to SMR Jun-2022 Release 1, update to SMR Jun-2022 Release 1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** aviextractor library versions prior to SMR May-2022 Release 1 **Description** The issue is caused by improper buffer size check logic in the aviextractor library, allowing out of bounds read and potentially leading to temporary denial of service. The patch for this issue adds buffer size check logic to prevent such occurrences. **Recommendations** For versions prior to SMR May-2022 Release 1, update to SMR May-2022 Release 1 or later to resolve the issue. As a temporary workaround, consider implementing additional buffer size checks to prevent out of bounds reads until the patch can be applied.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 13.1.2 macOS Big Sur versions prior to 11.0.1 **Description** An inconsistent user interface issue was addressed with improved state management. Visiting a malicious website may lead to address bar spoofing. **Recommendations** For Safari versions prior to 13.1.2, update to Safari 13.1.2 or later to resolve the issue. For macOS Big Sur versions prior to 11.0.1, update to macOS Big Sur 11.0.1 or later to resolve the issue.