Var10Ck

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Tahoe 26 **Description** An out-of-bounds read issue existed due to insufficient bounds checking. This could allow a malicious application to disclose coprocessor memory. **Recommendations** Update to macOS Tahoe 26 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.4 **Description** The issue was addressed with improved memory handling. An app may be able to corrupt coprocessor memory. **Recommendations** For versions prior to 15.4, update to macOS Sequoia 15.4 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Notes versions prior to 4.4.26.71 **Description** The issue is related to an out-of-bounds read when applying binary of pdf content. This allows attackers to read out-of-bounds memory. **Recommendations** For versions prior to 4.4.26.71, update to version 4.4.26.71 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Notes versions prior to 4.4.26.71 **Description** The issue is related to an out-of-bounds write in the parsing of bmp images, which can be exploited by local attackers to execute arbitrary code. **Recommendations** For versions prior to 4.4.26.71, update to version 4.4.26.71 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Notes versions prior to 4.4.26.71 **Description** The issue is related to an out-of-bounds read when applying binary data to text in Samsung Notes. This could potentially allow local attackers to read memory. **Recommendations** For versions prior to 4.4.26.71, update to version 4.4.26.71 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.2 watchOS versions prior to 11.2 tvOS versions prior to 18.2 iOS versions prior to 18.2 iPadOS versions prior to 18.2 **Description** The issue is related to a buffer overflow, where an app may be able to corrupt coprocessor memory due to inadequate bounds checks. This can potentially allow an attacker to damage memory. **Recommendations** For macOS versions prior to 15.2, update to macOS Sequoia 15.2. For watchOS versions prior to 11.2, update to watchOS 11.2. For tvOS versions prior to 18.2, update to tvOS 18.2. For iOS versions prior to 18.2, update to iOS 18.2. For iPadOS versions prior to 18.2, update to iPadOS 18.2.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.2 watchOS versions prior to 11.2 tvOS versions prior to 18.2 iOS versions prior to 18.2 iPadOS versions prior to 18.2 **Description** The issue is related to a buffer memory out-of-bounds write. It may allow an attacker to corrupt coprocessor memory. The problem was addressed with improved bounds checks. **Recommendations** For macOS versions prior to 15.2, update to macOS Sequoia 15.2. For watchOS versions prior to 11.2, update to watchOS 11.2. For tvOS versions prior to 18.2, update to tvOS 18.2. For iOS versions prior to 18.2, update to iOS 18.2. For iPadOS versions prior to 18.2, update to iPadOS 18.2.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.2 watchOS versions prior to 11.2 tvOS versions prior to 18.2 iOS versions prior to 18.2 iPadOS versions prior to 18.2 **Description** The issue is related to a memory reading problem beyond the allowed range in the IOMobileFrameBuffer component of MacOs, tvOS, watchOS, iPadOS, and iOS operating systems. This may allow an attacker to compromise data integrity. An app may be able to corrupt coprocessor memory. **Recommendations** For macOS versions prior to 15.2, update to macOS Sequoia 15.2 to resolve the issue. For watchOS versions prior to 11.2, update to watchOS 11.2 to resolve the issue. For tvOS versions prior to 18.2, update to tvOS 18.2 to resolve the issue. For iOS versions prior to 18.2, update to iOS 18.2 to resolve the issue. For iPadOS versions prior to 18.2, update to iPadOS 18.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.2 watchOS versions prior to 11.2 tvOS versions prior to 18.2 iOS versions prior to 18.2 iPadOS versions prior to 18.2 **Description** The issue is related to a buffer overflow in the IOMobileFrameBuffer component of MacOs, tvOS, watchOS, iPadOS, and iOS operating systems. This can allow an attacker to impact the confidentiality, integrity, and availability of protected information. An app may be able to corrupt coprocessor memory. **Recommendations** For macOS versions prior to 15.2, update to macOS Sequoia 15.2 to resolve the issue. For watchOS versions prior to 11.2, update to watchOS 11.2 to resolve the issue. For tvOS versions prior to 18.2, update to tvOS 18.2 to resolve the issue. For iOS versions prior to 18.2, update to iOS 18.2 to resolve the issue. For iPadOS versions prior to 18.2, update to iPadOS 18.2 to resolve the issue.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.2 Description: An out-of-bounds access issue was addressed with improved bounds checking. This issue may allow an attacker to cause unexpected system termination or arbitrary code execution in DCP firmware. Recommendations: For versions prior to 15.2, update to macOS Sequoia 15.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.1 iPadOS versions prior to 18.1 **Description** The issue was addressed with improved bounds checks. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. **Recommendations** For iOS versions prior to 18.1, update to iOS 18.1 to resolve the issue. For iPadOS versions prior to 18.1, update to iPadOS 18.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.1 iPadOS versions prior to 18.1 **Description** The issue was addressed with improved bounds checks. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. **Recommendations** For iOS versions prior to 18.1, update to iOS 18.1 to resolve the issue. For iPadOS versions prior to 18.1, update to iPadOS 18.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.1 iPadOS versions prior to 18.1 **Description** The issue was addressed with improved bounds checks. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. **Recommendations** For iOS versions prior to 18.1, update to iOS 18.1 to resolve the issue. For iPadOS versions prior to 18.1, update to iPadOS 18.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Notes versions prior to 4.4.21.62 **Description** The issue is related to an out-of-bounds read in the parsing object header, allowing a local attacker to access unauthorized memory. **Recommendations** For versions prior to 4.4.21.62, update to version 4.4.21.62 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Notes versions prior to 4.4.21.62 **Description** The issue is related to an out-of-bounds read in applying connection points, which could allow local attackers to potentially read memory. **Recommendations** For versions prior to 4.4.21.62, update to version 4.4.21.62 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Notes versions prior to 4.4.21.62 **Description** The issue is related to an out-of-bounds write in applying connected information. This could potentially allow local attackers to execute arbitrary code with the privilege of Samsung Notes. **Recommendations** For versions prior to 4.4.21.62, update to version 4.4.21.62 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Notes versions prior to 4.4.21.62 **Description** The issue is related to an out-of-bounds read in the parsing connected object list. This allows a local attacker to access unauthorized memory. **Recommendations** For versions prior to 4.4.21.62, update to version 4.4.21.62 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Notes versions prior to 4.4.21.62 **Description** The issue is an out-of-bounds read in applying own binary, which allows local attackers to potentially read memory. **Recommendations** For versions prior to 4.4.21.62, update to version 4.4.21.62 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 14.6 **Description** An out-of-bounds write issue was addressed with improved input validation. This issue may allow an app to cause a coprocessor crash. **Recommendations** For macOS versions prior to 14.6, update to macOS Sonoma 14.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 13.6.8 macOS Sonoma versions prior to 14.5 macOS Monterey versions prior to 12.7.6 watchOS versions prior to 10.5 visionOS versions prior to 1.3 tvOS versions prior to 17.5 iOS versions prior to 17.5 iPadOS versions prior to 17.5 **Description** The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges. **Recommendations** For macOS Ventura, update to version 13.6.8. For macOS Sonoma, update to version 14.5. For macOS Monterey, update to version 12.7.6. For watchOS, update to version 10.5. For visionOS, update to version 1.3. For tvOS, update to version 17.5. For iOS, update to version 17.5. For iPadOS, update to version 17.5.