Tyler Bohan

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.14 **Description** A memory corruption issue was addressed with improved input validation. **Recommendations** For versions prior to 10.14, update to macOS Mojave 10.14 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.13.6 macOS versions prior to 10.14 Description: A memory corruption issue was addressed with improved input validation. Recommendations: For versions prior to 10.13.6, update to macOS High Sierra 10.13.6 or later. For versions prior to 10.14, update to macOS Mojave 10.14 or later.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 10.14.1 Description: A memory initialization issue was addressed with improved memory handling. Recommendations: For versions prior to 10.14.1, update to macOS Mojave 10.14.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Pixar Renderman version 22.3.0 **Description** A local privilege escalation issue exists in the Install Helper tool of Pixar Renderman for Mac OS X. This allows a user with local access to escalate their privileges to root, given they have initial access to the machine for a successful exploit. **Recommendations** For Pixar Renderman version 22.3.0, consider restricting access to the Install Helper tool until a patch is available. As a temporary workaround, limiting local access to the machine can also minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this issue.

**Name of the Vulnerable Software and Affected Versions** FreeRDP versions 2.0.0-beta1+android11 **Description** A denial of service issue exists due to the improper handling of proprietary server certificates. An attacker can send a specially crafted challenge packet, causing the program to terminate and resulting in a denial of service condition. This can be triggered by compromising the server or using a man-in-the-middle attack. **Recommendations** For FreeRDP version 2.0.0-beta1+android11, consider restricting access to the certificate reading functionality until a patch is available. As a temporary workaround, implement additional validation on challenge packets to prevent specially crafted packets from causing program termination.

**Name of the Vulnerable Software and Affected Versions** GarageBand versions prior to 10.1.6 **Description** The issue involves the `Projects` component and allows remote attackers to execute arbitrary code or cause a denial of service, resulting in memory corruption and application crash, via a crafted GarageBand project file. **Recommendations** For GarageBand versions prior to 10.1.6, update to version 10.1.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted GarageBand project files to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** GarageBand versions prior to 10.1.5 Logic Pro X versions prior to 10.3 **Description** The issue involves the `Projects` component and allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted GarageBand project file. **Recommendations** For GarageBand versions prior to 10.1.5, update to version 10.1.5 or later. For Logic Pro X versions prior to 10.3, update to version 10.3 or later.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.6 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted EXR image with B44 compression. This is due to a buffer overflow in the ImageIO component. **Recommendations** For versions prior to 10.11.6, update to version 10.11.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of B44 compression in EXR images until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3.3 Apple OS X versions prior to 10.11.6 Apple tvOS versions prior to 9.2.2 Apple watchOS versions prior to 2.2.2 **Description** The issue is caused by a buffer overflow in the ImageIO component. This can be exploited by a remote attacker using a specially crafted TIFF file, potentially allowing the execution of arbitrary code or causing a denial of service due to memory corruption. **Recommendations** For Apple iOS versions prior to 9.3.3, update to version 9.3.3 or later. For Apple OS X versions prior to 10.11.6, update to version 10.11.6 or later. For Apple tvOS versions prior to 9.2.2, update to version 9.2.2 or later. For Apple watchOS versions prior to 2.2.2, update to version 2.2.2 or later.

**Name of the Vulnerable Software and Affected Versions** CoreGraphics in Apple iOS versions prior to 9.3.3 CoreGraphics in Apple OS X versions prior to 10.11.6 CoreGraphics in Apple tvOS versions prior to 9.2.2 CoreGraphics in Apple watchOS versions prior to 2.2.2 **Description** The issue is caused by a buffer overflow in the CoreGraphics component of Mac OS X and iOS operating systems. Exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) using a specially crafted BMP image. **Recommendations** For iOS versions prior to 9.3.3, update to version 9.3.3 or later to resolve the issue. For OS X versions prior to 10.11.6, update to version 10.11.6 or later to resolve the issue. For tvOS versions prior to 9.2.2, update to version 9.2.2 or later to resolve the issue. For watchOS versions prior to 2.2.2, update to version 2.2.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of specially crafted BMP images until a patch is available.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.11.6 **Description** The issue allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via crafted `xStride` and `yStride` values in an EXR image. This is due to a buffer overflow in the ImageIO service. **Recommendations** For Apple OS X versions prior to 10.11.6, update to version 10.11.6 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted EXR images that contain malicious `xStride` and `yStride` values until the update is applied.

**Name of the Vulnerable Software and Affected Versions** OS X versions prior to 10.11.5 **Description** The issue is caused by a buffer overflow in the SceneKit component of the Mac OS X operating system. Exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service (memory corruption) by using a specially crafted file. **Recommendations** For OS X versions prior to 10.11.5, update to version 10.11.5 or later to resolve the issue.