Sabri Haddouche

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 12.1 tvOS versions prior to 12.1 Safari versions prior to 12.0.1 iTunes versions prior to 12.9.1 iCloud for Windows versions prior to 7.8 Description: A resource exhaustion issue was addressed with improved input validation. Recommendations: For iOS versions prior to 12.1, update to iOS 12.1 or later. For tvOS versions prior to 12.1, update to tvOS 12.1 or later. For Safari versions prior to 12.0.1, update to Safari 12.0.1 or later. For iTunes versions prior to 12.9.1, update to iTunes 12.9.1 or later. For iCloud for Windows versions prior to 7.8, update to iCloud for Windows 7.8 or later.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 12.1 tvOS versions prior to 12.1 watchOS versions prior to 5.1 Safari versions prior to 12.0.1 iTunes versions prior to 12.9.1 iCloud for Windows versions prior to 7.8 Description: Multiple memory corruption issues were addressed with improved memory handling. Recommendations: For iOS versions prior to 12.1, update to version 12.1 or later. For tvOS versions prior to 12.1, update to version 12.1 or later. For watchOS versions prior to 5.1, update to version 5.1 or later. For Safari versions prior to 12.0.1, update to version 12.0.1 or later. For iTunes versions prior to 12.9.1, update to version 12.9.1 or later. For iCloud for Windows versions prior to 7.8, update to version 7.8 or later.

Name of the Vulnerable Software and Affected Versions: Microsoft Office for Mac version 2016 Description: The issue allows an attacker to send a specially crafted email attachment to a user in an attempt to launch a social engineering attack, such as phishing, due to how Outlook for Mac displays encoded email addresses. Recommendations: For Microsoft Office 2016 for Mac, update the software to a version that fixes the issue, or consider disabling the display of encoded email addresses in Outlook for Mac as a temporary workaround to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Thunderbird versions prior to 52.5.2 **Description** The issue allows an attacker to spoof the sender's email address, displaying an arbitrary sender address to the recipient. This is achieved by preceding the real sender's address with a null character in the display string, which prevents the real address from being displayed. **Recommendations** For versions prior to 52.5.2, update to version 52.5.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.1 **Description** The issue is related to insufficient input validation in the Safari component of the iOS operating system. It allows a remote attacker to cause a denial of service using a specially crafted URL. **Recommendations** For iOS versions prior to 10.1, update to a version 10.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12 **Description** The issue involves the `Mail` component, which allows remote web servers to cause a denial of service via a crafted URL. It exists due to insufficient input validation, allowing a remote attacker to exploit it and cause a denial of service using a specially formed URL. **Recommendations** For macOS versions prior to 10.12, update to version 10.12 or later to resolve the issue. As a temporary workaround, consider restricting access to the `Mail` component to minimize the risk of exploitation.