Setuid0X0

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15.6 **Description** A local user may be able to load unsigned kernel extensions due to a time-of-check time-of-use memory corruption issue. This could potentially allow for unauthorized kernel extension loading. **Recommendations** For versions prior to 10.15.6, update to macOS Catalina 10.15.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 13.1.1 **Description** A logic issue was addressed with improved restrictions, which may allow a malicious process to cause Safari to launch an application. **Recommendations** For versions prior to 13.1.1, update to Safari 13.1.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15.5 iOS versions prior to 13.5 iPadOS versions prior to 13.5 tvOS versions prior to 13.4.5 watchOS versions prior to 6.2.5 **Description** A race condition was addressed with improved state handling, which may allow an application to gain elevated privileges. This issue was exploited in real-world incidents, such as the Pwn2Own event, where a Time-Of-Check Time-Of-Use Privilege Escalation Vulnerability was demonstrated in Apple macOS. **Recommendations** For macOS versions prior to 10.15.5, update to macOS 10.15.5 or later. For iOS versions prior to 13.5, update to iOS 13.5 or later. For iPadOS versions prior to 13.5, update to iPadOS 13.5 or later. For tvOS versions prior to 13.4.5, update to tvOS 13.4.5 or later. For watchOS versions prior to 6.2.5, update to watchOS 6.2.5 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15.5 **Description** The issue allows an application to potentially gain elevated privileges due to a heap-based buffer overflow vulnerability in the Core Virtual Machine Service. This vulnerability was demonstrated in a real-world scenario at Pwn2Own. **Recommendations** For versions prior to 10.15.5, update to macOS Catalina 10.15.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 13.1.1 iOS versions prior to 13.5 iPadOS versions prior to 13.5 tvOS versions prior to 13.4.5 watchOS versions prior to 6.2.5 iTunes for Windows version prior to 12.10.7 iCloud for Windows versions prior to 11.2 and 7.19 **Description** The issue is related to a logic problem in the WebKit module, which can be exploited by a remote attacker using malicious web content to execute arbitrary code. This is due to an incorrect implementation of the sequence of actions performed. A remote attacker may be able to cause arbitrary code execution. **Recommendations** For Safari version prior to 13.1.1, update to version 13.1.1 or later. For iOS version prior to 13.5, update to version 13.5 or later. For iPadOS version prior to 13.5, update to version 13.5 or later. For tvOS version prior to 13.4.5, update to version 13.4.5 or later. For watchOS version prior to 6.2.5, update to version 6.2.5 or later. For iTunes for Windows version prior to 12.10.7, update to version 12.10.7 or later. For iCloud for Windows versions prior to 11.2 and 7.19, update to version 11.2 or 7.19 or later.