Spark

**Name of the Vulnerable Software and Affected Versions** Mattermost Desktop App versions <=5.8.0 **Description** The Mattermost Desktop App fails to specify an absolute path when searching for the `cmd.exe` file, allowing a local attacker who can place a `cmd.exe` file in the user's Downloads folder to cause remote code execution on that machine. A local attacker can exploit this issue by putting a malicious `cmd.exe` file in the Downloads folder, leading to remote code execution. **Recommendations** For Mattermost Desktop App versions <=5.8.0, upgrade to version 5.9.0 to resolve the issue. As a temporary workaround, consider restricting access to the Downloads folder to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 6.1.2 iOS versions prior to 13.3.1 iPadOS versions prior to 13.3.1 tvOS versions prior to 13.3.1 **Description** A memory corruption issue was addressed with improved memory handling, allowing an application to potentially execute arbitrary code with kernel privileges. **Recommendations** For watchOS versions prior to 6.1.2, update to watchOS 6.1.2 to resolve the issue. For iOS versions prior to 13.3.1, update to iOS 13.3.1 to resolve the issue. For iPadOS versions prior to 13.3.1, update to iPadOS 13.3.1 to resolve the issue. For tvOS versions prior to 13.3.1, update to tvOS 13.3.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 6.1.2 **Description** A memory corruption issue was addressed with improved state management, allowing an application to potentially execute arbitrary code with kernel privileges. **Recommendations** For versions prior to 6.1.2, update to watchOS 6.1.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12 **Description** This issue was addressed with improved entitlements. **Recommendations** For versions prior to iOS 12, update to iOS 12 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9 **Description** The issue is related to insufficient access control in the SpringBoard component of the iOS operating system. This can be exploited by a remote attacker using a specially crafted application to spoof the dialog windows of arbitrary apps. **Recommendations** For versions prior to 9, update to a version 9 or later to resolve the issue. As a temporary workaround, consider restricting the installation of untrusted or third-party applications to minimize the risk of exploitation.