Shrek_Wzw

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.4 Security Update versions prior to 2021-003 Catalina Security Update versions prior to 2021-004 Mojave **Description** A logic issue was addressed with improved state management, which could allow a local user to cause unexpected system termination or read kernel memory. **Recommendations** For macOS versions prior to 11.4, update to macOS Big Sur 11.4 or later. For Security Update versions prior to 2021-003 Catalina, apply Security Update 2021-003 Catalina or later. For Security Update versions prior to 2021-004 Mojave, apply Security Update 2021-004 Mojave or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Big Sur 11.1 Security Update versions prior to 2020-001 on Catalina Security Update versions prior to 2020-007 on Mojave **Description** A validation issue was addressed with improved logic, allowing an application to potentially execute arbitrary code with kernel privileges. **Recommendations** For macOS Big Sur, update to version 11.1 or later. For macOS Catalina, apply Security Update 2020-001 or later. For macOS Mojave, apply Security Update 2020-007 or later.

**Name of the Vulnerable Software and Affected Versions** macOS Mojave versions prior to 10.14.5 Security Update versions prior to 2019-003 High Sierra Security Update versions prior to 2019-003 Sierra watchOS versions prior to 5.2 macOS Mojave version 10.14.4 Security Update versions prior to 2019-002 High Sierra Security Update versions prior to 2019-002 Sierra iOS versions prior to 12.2 **Description** A memory corruption issue was addressed with improved state management, allowing an application to potentially execute arbitrary code with kernel privileges. **Recommendations** For macOS Mojave versions prior to 10.14.5, update to macOS Mojave 10.14.5. For Security Update versions prior to 2019-003 High Sierra, apply Security Update 2019-003. For Security Update versions prior to 2019-003 Sierra, apply Security Update 2019-003. For watchOS versions prior to 5.2, update to watchOS 5.2. For macOS Mojave version 10.14.4, update to macOS Mojave 10.14.5. For Security Update versions prior to 2019-002 High Sierra, apply Security Update 2019-003. For Security Update versions prior to 2019-002 Sierra, apply Security Update 2019-003. For iOS versions prior to 12.2, update to iOS 12.2.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14.4 **Description** A buffer overflow issue was addressed through improved size validation, which could allow a malicious application to execute arbitrary code with kernel privileges. **Recommendations** For versions prior to 10.14.4, update to macOS Mojave 10.14.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.6 **Description** An information disclosure issue was addressed by removing the vulnerable code. **Recommendations** For versions prior to 10.13.6, update to macOS High Sierra 10.13.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.1.3 macOS Mojave versions prior to 10.14.3 tvOS versions prior to 12.1.2 watchOS versions prior to 5.1.3 **Description** A memory initialization issue was addressed with improved memory handling. A malicious application may be able to break out of its sandbox. **Recommendations** For iOS versions prior to 12.1.3, update to iOS 12.1.3 or later. For macOS Mojave versions prior to 10.14.3, update to macOS Mojave 10.14.3 or later. For tvOS versions prior to 12.1.2, update to tvOS 12.1.2 or later. For watchOS versions prior to 5.1.3, update to watchOS 5.1.3 or later.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 12.1.3 Apple tvOS versions prior to 12.1.2 Apple watchOS versions prior to 5.1.3 Apple Safari versions prior to 12.0.3 Apple iTunes for Windows versions prior to 12.9.3 Apple iCloud for Windows versions prior to 7.10 **Description** The issue is related to memory corruption and can be triggered by processing maliciously crafted web content, potentially leading to arbitrary code execution. It is caused by a buffer overflow in the WebKit display module. A remote attacker can exploit this issue using a specially crafted web page, allowing for remote code execution. **Recommendations** For iOS versions prior to 12.1.3, update to iOS 12.1.3 or later. For tvOS versions prior to 12.1.2, update to tvOS 12.1.2 or later. For watchOS versions prior to 5.1.3, update to watchOS 5.1.3 or later. For Safari versions prior to 12.0.3, update to Safari 12.0.3 or later. For iTunes for Windows versions prior to 12.9.3, update to iTunes 12.9.3 or later. For iCloud for Windows versions prior to 7.10, update to iCloud for Windows 7.10 or later.

**Name of the Vulnerable Software and Affected Versions** macOS High Sierra versions prior to 10.13.5 **Description** An out-of-bounds read issue was addressed through improved input validation. **Recommendations** For versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS High Sierra versions prior to 10.13.5 **Description** An out-of-bounds read issue was addressed through improved input validation. **Recommendations** For macOS High Sierra versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS High Sierra versions prior to 10.13.5 **Description** A buffer overflow issue was addressed through improved bounds checking. **Recommendations** For versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS High Sierra versions prior to 10.13.5 **Description** A buffer overflow issue was addressed through improved size validation. **Recommendations** For versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS High Sierra versions prior to 10.13.5 **Description** An input validation issue existed in the kernel, which has been addressed with improved input validation. **Recommendations** For macOS High Sierra versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.5 **Description** The issue is related to an out-of-bounds read operation in the AMD component of the operating system, which can be exploited by a local user using a specially crafted application. This can lead to a denial of service or allow bypassing intended memory-read restrictions. **Recommendations** For macOS versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.13.5 **Description** The issue involves the `Bluetooth` component and allows attackers to obtain sensitive kernel memory-layout information via a crafted app that leverages device properties. It is related to an incorrect implementation of security mechanisms in the Bluetooth component, which can be exploited to disclose protected information about the kernel memory layout. **Recommendations** For macOS versions prior to 10.13.5, update to version 10.13.5 or later to resolve the issue. As a temporary workaround, consider disabling the Bluetooth component until a patch is available. Restrict access to sensitive device properties to minimize the risk of exploitation.

Name of the Vulnerable Software and Affected Versions: iOS versions prior to 11 macOS versions prior to 10.13 tvOS versions prior to 11 watchOS versions prior to 4 Description: The issue involves the Kernel component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service via a crafted app, resulting in memory corruption. Recommendations: For iOS versions prior to 11, update to version 11 or later. For macOS versions prior to 10.13, update to version 10.13 or later. For tvOS versions prior to 11, update to version 11 or later. For watchOS versions prior to 4, update to version 4 or later.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.12.6 Description: The issue involves the `AppleGraphicsControl` component, allowing attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. Recommendations: For versions prior to 10.12.6, update to version 10.12.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 10.3.3 macOS versions prior to 10.12.6 tvOS versions prior to 10.2.2 watchOS versions prior to 3.2.3 **Description** The issue involves the "IOUSBFamily" component and is caused by a buffer overflow in memory. This allows an attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a specially crafted app. **Recommendations** For iOS versions prior to 10.3.3, update to version 10.3.3 or later to resolve the issue. For macOS versions prior to 10.12.6, update to version 10.12.6 or later to resolve the issue. For tvOS versions prior to 10.2.2, update to version 10.2.2 or later to resolve the issue. For watchOS versions prior to 3.2.3, update to version 3.2.3 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.6 **Description** The issue is caused by a buffer overflow in the Intel Graphics Driver component of the operating system, allowing a remote attacker to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) using a specially crafted application. **Recommendations** For macOS versions prior to 10.12.6, update to version 10.12.6 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.6 **Description** The issue involves the `Intel Graphics Driver` component and allows attackers to execute arbitrary code in a privileged context or cause a denial of service (memory corruption) via a crafted app. This is caused by a buffer overflow in memory, which can be exploited by a remote attacker to achieve the aforementioned effects. **Recommendations** For macOS versions prior to 10.12.6, update to version 10.12.6 or later to resolve the issue. As a temporary workaround, consider restricting the use of the `Intel Graphics Driver` component until a patch is available.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.12.6 **Description** The issue involves the Intel Graphics Driver component and allows attackers to bypass intended memory-read restrictions via a crafted app. **Recommendations** For macOS versions prior to 10.12.6, update to version 10.12.6 or later to resolve the issue.