Ryan Hileman

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.9 iPadOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 visionOS versions prior to 26.5 watchOS versions prior to 26.5 **Description** An out-of-bounds write issue exists due to insufficient input validation. This flaw allows an application to write to kernel memory or cause unexpected system termination. **Recommendations** Update iOS to version 18.7.9 Update iPadOS to version 18.7.9 Update iOS to version 26.5 Update iPadOS to version 26.5 Update macOS Sequoia to version 15.7.7 Update macOS Sonoma to version 14.8.7 Update macOS Tahoe to version 26.5 Update tvOS to version 26.5 Update visionOS to version 26.5 Update watchOS to version 26.5

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.9 iOS versions prior to 26.5 iPadOS versions prior to 18.7.9 iPadOS versions prior to 26.5 macOS Sequoia versions prior to 15.7.7 macOS Sonoma versions prior to 14.8.7 macOS Tahoe versions prior to 26.5 tvOS versions prior to 26.5 watchOS versions prior to 26.5 **Description** A race condition occurs when the system attempts to perform two or more operations at the same time, but the operations are executed in an unexpected order. This issue allows an app to cause unexpected system termination. **Recommendations** Update iOS to version 18.7.9 or 26.5 Update iPadOS to version 18.7.9 or 26.5 Update macOS Sequoia to version 15.7.7 Update macOS Sonoma to version 14.8.7 Update macOS Tahoe to version 26.5 Update tvOS to version 26.5 Update watchOS to version 26.5

Name of the Vulnerable Software and Affected Versions CPython (affected versions not specified) Description A use-after-free (UAF) issue exists in `lzma.LZMADecompressor`, `bz2.BZ2Decompressor`, and `gzip.GzipFile`. This occurs when a memory allocation fails with a `MemoryError` and the decompression instance is subsequently reused, typically under memory pressure. Use-after-free is a condition where a program continues to use a memory address after it has been released. This issue does not affect the use of one-shot decompression helper functions such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()`, nor does it affect cases where decompressor instances are not reused after an error. Recommendations Avoid reusing decompressor instances across multiple decompression calls after a `MemoryError` is raised. Use helper functions such as `lzma.decompress()`, `bz2.decompress()`, `gzip.decompress()`, and `zlib.decompress()` to perform one-shot decompression. At the moment, there is no information about a newer version that contains a fix for this vulnerability.