Samuel Gro

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.1 **Description** The issue involves the `802.1X` component and is related to errors in the implementation of the TLS 1.0 protocol. This allows attackers to have an unspecified impact, potentially compromising the confidentiality, integrity, and availability of protected information by leveraging TLS 1.0 support. **Recommendations** For macOS versions prior to 10.13.1, update to version 10.13.1 or later to resolve the issue. As a temporary workaround, consider disabling the `802.1X` component until a patch is available. Restrict access to sensitive information and networks to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.1 **Description** The issue involves the `CFNetwork` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This is due to a buffer overflow in memory, which can be exploited by a remote attacker. **Recommendations** For macOS versions prior to 10.13.1, update to version 10.13.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `CFNetwork` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.1 **Description** The issue involves the `CFNetwork` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This is due to a heap-based buffer overflow in the `CFNetwork` component. The estimated number of potentially affected devices worldwide is not available. There is no information about real-world incidents where this issue was exploited. **Recommendations** For macOS versions prior to 10.13.1, update to version 10.13.1 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `CFNetwork` component until a patch is available. Avoid using crafted apps that may exploit the heap-based buffer overflow vulnerability in the `CFNetwork` component.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 11 Apple Safari versions prior to 11 Apple iCloud versions prior to 7.0 on Windows Apple iTunes versions prior to 12.7 on Windows Apple tvOS versions prior to 11 **Description** The issue involves the WebKit component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For iOS versions prior to 11, update to version 11 or later. For Safari versions prior to 11, update to version 11 or later. For iCloud versions prior to 7.0 on Windows, update to version 7.0 or later. For iTunes versions prior to 12.7 on Windows, update to version 12.7 or later. For tvOS versions prior to 11, update to version 11 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 11 Apple Safari versions prior to 11 Apple iCloud versions prior to 7.0 on Windows Apple iTunes versions prior to 12.7 on Windows Apple tvOS versions prior to 11 **Description** The issue involves the WebKit component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted web site. **Recommendations** For iOS versions prior to 11, update to version 11 or later. For Safari versions prior to 11, update to version 11 or later. For iCloud versions prior to 7.0 on Windows, update to version 7.0 or later. For iTunes versions prior to 12.7 on Windows, update to version 12.7 or later. For tvOS versions prior to 11, update to version 11 or later.