Un3Xploitable

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions 7.1.14 and 7.2.4 **Description** An easily exploitable issue exists in the Oracle VM VirtualBox Core component, potentially allowing a high-privileged attacker with access to the system where Oracle VM VirtualBox runs to compromise the software. Successful exploitation can lead to a takeover of Oracle VM VirtualBox, and may significantly impact additional products. **Recommendations** Update Oracle VM VirtualBox version 7.1.14 to a later version. Update Oracle VM VirtualBox version 7.2.4 to a later version.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions 7.1.14 and 7.2.4 **Description** A difficult to exploit issue exists in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). An attacker with high privileges who has access to the system where Oracle VM VirtualBox is running can compromise the software. Successful exploitation can lead to a takeover of Oracle VM VirtualBox and may significantly impact other products. **Recommendations** Update Oracle VM VirtualBox to a newer version that addresses this issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions 7.1.14 and 7.2.4 **Description** An easily exploitable issue exists in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). A high-privileged attacker with access to the infrastructure where Oracle VM VirtualBox runs can compromise the software. Successful attacks can lead to a takeover of Oracle VM VirtualBox and may significantly impact additional products. **Recommendations** Update Oracle VM VirtualBox version 7.1.14 to a newer, fixed version. Update Oracle VM VirtualBox version 7.2.4 to a newer, fixed version.

Name of the Vulnerable Software and Affected Versions: Whale browser for iOS versions prior to 3.9.1.4206 Description: The issue allows an attacker to execute malicious scripts in the browser via a crafted JavaScript scheme. This can be achieved by manipulating a specific JavaScript scheme. Recommendations: For versions prior to 3.9.1.4206, update to version 3.9.1.4206 or later to resolve the issue. As a temporary workaround, consider restricting the use of JavaScript schemes in the browser until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 138 Firefox ESR versions prior to 128.10 Firefox ESR versions prior to 115.23 Thunderbird versions prior to 138 Thunderbird ESR versions prior to 128.10 **Description** Modification of specific WebGL shader attributes could trigger an out-of-bounds read. When chained with other vulnerabilities, this issue could be used to escalate privileges. This bug only affects Firefox for macOS, with other versions of Firefox being unaffected. **Recommendations** For Firefox versions prior to 138, update to version 138 or later. For Firefox ESR versions prior to 128.10, update to version 128.10 or later. For Firefox ESR versions prior to 115.23, update to version 115.23 or later. For Thunderbird versions prior to 138, update to version 138 or later. For Thunderbird ESR versions prior to 128.10, update to version 128.10 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome on Android versions prior to 133.0.6943.126 **Description** A heap buffer overflow in the GPU of Google Chrome on Android allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. The severity of this issue is rated as High by Chromium. **Recommendations** For Google Chrome on Android versions prior to 133.0.6943.126, update to version 133.0.6943.126 or later to resolve the issue. As a temporary workaround, consider avoiding the use of crafted HTML pages that could trigger the heap buffer overflow until a patch is applied.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 13.7.1 macOS versions prior to 14.7.1 **Description** A malicious application may be able to modify protected parts of the file system due to inadequate checks. **Recommendations** For macOS versions prior to 13.7.1, update to macOS Ventura 13.7.1. For macOS versions prior to 14.7.1, update to macOS Sonoma 14.7.1.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 13.7.1 macOS versions prior to 14.7.1 **Description** A malicious application may be able to modify protected parts of the file system due to inadequate checks. **Recommendations** For macOS versions prior to 13.7.1, update to macOS Ventura 13.7.1. For macOS versions prior to 14.7.1, update to macOS Sonoma 14.7.1.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 13.7.1 macOS versions prior to 14.7.1 **Description** A malicious application may be able to modify protected parts of the file system due to insufficient checks. **Recommendations** For macOS versions prior to 13.7.1, update to macOS Ventura 13.7.1. For macOS versions prior to 14.7.1, update to macOS Sonoma 14.7.1.