S0Rrymybad

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 95.0.4638.69 **Description** The issue is related to type confusion in the V8 JavaScript engine, which can lead to heap corruption. A remote attacker could potentially exploit this by using a specially crafted HTML page, allowing them to execute arbitrary code or cause a denial of service. **Recommendations** For versions prior to 95.0.4638.69, update to version 95.0.4638.69 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable web pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 14.0.3 macOS Big Sur versions prior to 11.2 Security Update versions prior to 2021-001 Catalina Security Update versions prior to 2021-001 Mojave tvOS versions prior to 14.4 watchOS versions prior to 7.3 iOS versions prior to 14.4 iPadOS versions prior to 14.4 **Description** The issue is related to a type confusion problem in the WebKitGTK and WPE WebKit modules, which can be exploited by a remote attacker to execute arbitrary code. Processing maliciously crafted web content may lead to arbitrary code execution. **Recommendations** For Safari versions prior to 14.0.3, update to Safari 14.0.3 or later. For macOS Big Sur versions prior to 11.2, update to macOS Big Sur 11.2 or later. For Security Update versions prior to 2021-001 Catalina, apply Security Update 2021-001 Catalina or later. For Security Update versions prior to 2021-001 Mojave, apply Security Update 2021-001 Mojave or later. For tvOS versions prior to 14.4, update to tvOS 14.4 or later. For watchOS versions prior to 7.3, update to watchOS 7.3 or later. For iOS versions prior to 14.4, update to iOS 14.4 or later. For iPadOS versions prior to 14.4, update to iPadOS 14.4 or later.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.2 Security Update versions prior to 2021-001 Catalina Security Update versions prior to 2021-001 Mojave watchOS versions prior to 7.3 tvOS versions prior to 14.4 iOS versions prior to 14.4 iPadOS versions prior to 14.4 Description: A memory corruption issue was addressed with improved state management. This issue could allow a malicious application to execute arbitrary code, potentially leading to the compromise of user information. Recommendations: For macOS versions prior to 11.2, update to macOS Big Sur 11.2. For Security Update versions prior to 2021-001 Catalina, apply Security Update 2021-001 Catalina. For Security Update versions prior to 2021-001 Mojave, apply Security Update 2021-001 Mojave. For watchOS versions prior to 7.3, update to watchOS 7.3. For tvOS versions prior to 14.4, update to tvOS 14.4. For iOS versions prior to 14.4, update to iOS 14.4. For iPadOS versions prior to 14.4, update to iPadOS 14.4.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 14.4 iPadOS versions prior to 14.4 Description: A memory initialization issue was addressed with improved memory handling, which may allow an attacker in a privileged position to perform a denial of service attack. Additionally, there are three 0-day issues that allow remote code execution (RCE) and privilege escalation, which are reportedly being used in the wild. These issues are related to the WebKit browser engine and the kernel. It is believed that these issues may be part of an exploit kit used by hackers to attack Apple devices via malicious or compromised websites. Recommendations: For iOS versions prior to 14.4, update to iOS 14.4 or later to fix the memory initialization issue and the three 0-day issues. For iPadOS versions prior to 14.4, update to iPadOS 14.4 or later to fix the memory initialization issue and the three 0-day issues.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 5.2 macOS Mojave versions prior to 10.14.4 macOS High Sierra versions prior to Security Update 2019-002 macOS Sierra versions prior to Security Update 2019-002 iOS versions prior to 12.2 **Description** A use after free issue was addressed with improved memory management. This issue allows an application to potentially execute arbitrary code with kernel privileges. **Recommendations** For watchOS versions prior to 5.2, update to watchOS 5.2. For macOS Mojave versions prior to 10.14.4, update to macOS Mojave 10.14.4. For macOS High Sierra versions prior to Security Update 2019-002, apply Security Update 2019-002. For macOS Sierra versions prior to Security Update 2019-002, apply Security Update 2019-002. For iOS versions prior to 12.2, update to iOS 12.2.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.5 **Description** The issue is related to a buffer overflow in the IOGraphics component of the Mac OS X operating system, which can be exploited to execute arbitrary code with kernel privileges or cause a denial of service using a specially crafted application. This can lead to memory corruption. **Recommendations** For macOS versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the IOGraphics component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.5 **Description** The issue involves the Intel Graphics Driver component and allows attackers to bypass intended memory-read restrictions via a crafted app. **Recommendations** For macOS versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 59.0.3071.86 for Linux, Windows, and Mac Google Chrome version prior to 59.0.3071.92 for Android Opera versions prior to 59.0.3071.86 **Description** The issue is related to a type confusion in the V8 JavaScript engine, which can be exploited by a remote attacker to execute arbitrary code inside a sandbox via a crafted HTML page. This can be achieved by specially forming an HTML page. **Recommendations** For Google Chrome versions prior to 59.0.3071.86 for Linux, Windows, and Mac, update to version 59.0.3071.86 or later. For Google Chrome version prior to 59.0.3071.92 for Android, update to version 59.0.3071.92 or later. For Opera versions prior to 59.0.3071.86, update to version 59.0.3071.86 or later. As a temporary workaround, consider restricting access to crafted HTML pages until a patch is available.