Turmio

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 17 iPadOS versions prior to 17 macOS versions prior to Sonoma 14 **Description** A configuration issue was addressed with additional restrictions. This issue may allow an app to access a user's Photos Library. **Recommendations** For iOS versions prior to 17, update to iOS 17 to resolve the issue. For iPadOS versions prior to 17, update to iPadOS 17 to resolve the issue. For macOS versions prior to Sonoma 14, update to macOS Sonoma 14 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS Ventura versions prior to 13.3 **Description** A logic issue was addressed with improved checks. This issue allows an app to bypass Gatekeeper checks. The estimated number of potentially affected devices worldwide is not provided. There is no information about real-world incidents where this issue was exploited. **Recommendations** For macOS Ventura versions prior to 13.3, update to macOS Ventura 13.3 to resolve the issue. As a temporary workaround, consider restricting the installation of apps to only those that are trusted and verified by Gatekeeper until the update is applied.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.6.1 macOS Big Sur versions prior to 11.7.1 **Description** A remote user may be able to write arbitrary files. This issue enables attackers to overwrite or delete files within the Calendar app’s filesystem. **Recommendations** For macOS versions prior to 12.6.1, update to macOS Monterey 12.6.1. For macOS Big Sur versions prior to 11.7.1, update to macOS Big Sur 11.7.1.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to Big Sur 11.3 Security Update versions prior to 2021-002 Catalina Security Update versions prior to 2021-003 Mojave Description: A permissions issue existed in DiskArbitration, which was addressed with additional ownership checks. This issue allowed a malicious application to potentially modify protected parts of the file system. Recommendations: For macOS versions prior to Big Sur 11.3, update to macOS Big Sur 11.3 or later. For Security Update versions prior to 2021-002 Catalina, apply Security Update 2021-002 Catalina or later. For Security Update versions prior to 2021-003 Mojave, apply Security Update 2021-003 Mojave or later.

Name of the Vulnerable Software and Affected Versions: macOS Big Sur versions prior to 11.2 Security Update versions prior to 2021-001 Catalina Security Update versions prior to 2021-001 Mojave Description: A logic issue was addressed with improved state management. Mounting a maliciously crafted Samba network share may lead to arbitrary code execution. Recommendations: For macOS Big Sur versions prior to 11.2, update to macOS Big Sur 11.2. For Security Update versions prior to 2021-001 Catalina, apply Security Update 2021-001 Catalina. For Security Update versions prior to 2021-001 Mojave, apply Security Update 2021-001 Mojave.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.15.6 Security Update 2020-004 Mojave versions prior to the update Security Update 2020-004 High Sierra versions prior to the update Description: A logic issue was addressed with improved state management. Processing a maliciously crafted email may lead to writing arbitrary files. The vulnerability is related to the automatic unpacking mechanism of the Apple Mail client in Apple Mac OS, which is associated with incorrect handling of logical operations. Exploitation of the vulnerability may allow a remote attacker to write arbitrary files in the ~/Library/Mail and $TMPDIR directories. This could potentially lead to changes in the Mail application configuration, such as setting up automatic forwarding of incoming messages or spreading the exploit through the victim's address book. Further development of this vulnerability could potentially lead to remote code execution (RCE). Recommendations: For macOS versions prior to 10.15.6, update to macOS Catalina 10.15.6 or later. For Security Update 2020-004 Mojave, apply the Security Update 2020-004 or later. For Security Update 2020-004 High Sierra, apply the Security Update 2020-004 or later. As a temporary workaround, consider disabling the automatic unpacking feature in the Mail client until a patch is available. Restrict access to the ~/Library/Mail and $TMPDIR directories to minimize the risk of exploitation.