Wen Xu

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.6 iPadOS versions prior to 13.6 tvOS versions prior to 13.4.8 watchOS versions prior to 6.2.8 Safari versions prior to 13.1.2 iTunes for Windows versions prior to 12.10.8 iCloud for Windows versions prior to 11.3 and 7.20 **Description** A use after free issue was addressed with improved memory management. A remote attacker may be able to cause unexpected application termination or arbitrary code execution. **Recommendations** For iOS versions prior to 13.6, update to iOS 13.6 or later. For iPadOS versions prior to 13.6, update to iPadOS 13.6 or later. For tvOS versions prior to 13.4.8, update to tvOS 13.4.8 or later. For watchOS versions prior to 6.2.8, update to watchOS 6.2.8 or later. For Safari versions prior to 13.1.2, update to Safari 13.1.2 or later. For iTunes for Windows versions prior to 12.10.8, update to iTunes 12.10.8 or later. For iCloud for Windows versions prior to 11.3 and 7.20, update to iCloud for Windows 11.3 or 7.20 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.5 iPadOS versions prior to 13.5 tvOS versions prior to 13.4.5 watchOS versions prior to 6.2.5 Safari versions prior to 13.1.1 iTunes for Windows version prior to 12.10.7 iCloud for Windows versions prior to 11.2 and 7.19 **Description** A memory corruption issue was addressed with improved state management. Processing maliciously crafted web content may lead to arbitrary code execution. The vulnerability is related to a buffer overflow in the WebKit module, which can be exploited by a remote attacker using malicious web content. **Recommendations** For iOS versions prior to 13.5, update to iOS 13.5 or later. For iPadOS versions prior to 13.5, update to iPadOS 13.5 or later. For tvOS versions prior to 13.4.5, update to tvOS 13.4.5 or later. For watchOS versions prior to 6.2.5, update to watchOS 6.2.5 or later. For Safari versions prior to 13.1.1, update to Safari 13.1.1 or later. For iTunes for Windows version prior to 12.10.7, update to iTunes 12.10.7 or later. For iCloud for Windows versions prior to 11.2 and 7.19, update to iCloud for Windows 11.2 or 7.19 or later.

**Name of the Vulnerable Software and Affected Versions** Safari versions prior to 13.1.1 iOS versions prior to 13.5 iPadOS versions prior to 13.5 tvOS versions prior to 13.4.5 watchOS versions prior to 6.2.5 iTunes for Windows version prior to 12.10.7 iCloud for Windows versions prior to 11.2 and 7.19 **Description** The issue is related to a memory corruption problem in the WebKit module, which can be exploited by processing maliciously crafted web content, potentially leading to arbitrary code execution. This can be achieved by a remote attacker using harmful web content. **Recommendations** For Safari version prior to 13.1.1, update to version 13.1.1 or later. For iOS version prior to 13.5, update to version 13.5 or later. For iPadOS version prior to 13.5, update to version 13.5 or later. For tvOS version prior to 13.4.5, update to version 13.4.5 or later. For watchOS version prior to 6.2.5, update to version 6.2.5 or later. For iTunes for Windows version prior to 12.10.7, update to version 12.10.7 or later. For iCloud for Windows versions prior to 11.2 and 7.19, update to version 11.2 or 7.19 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.5 iPadOS versions prior to 13.5 tvOS versions prior to 13.4.5 watchOS versions prior to 6.2.5 Safari versions prior to 13.1.1 iTunes versions prior to 12.10.7 for Windows iCloud for Windows versions prior to 11.2 and 7.19 **Description** The issue is related to a memory corruption problem due to a buffer overflow, which can be triggered by processing maliciously crafted web content. This may allow a remote attacker to execute arbitrary code in the target system. **Recommendations** For iOS versions prior to 13.5, update to iOS 13.5 or later. For iPadOS versions prior to 13.5, update to iPadOS 13.5 or later. For tvOS versions prior to 13.4.5, update to tvOS 13.4.5 or later. For watchOS versions prior to 6.2.5, update to watchOS 6.2.5 or later. For Safari versions prior to 13.1.1, update to Safari 13.1.1 or later. For iTunes versions prior to 12.10.7 for Windows, update to iTunes 12.10.7 for Windows or later. For iCloud for Windows versions prior to 11.2 and 7.19, update to iCloud for Windows 11.2 or 7.19 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 macOS Mojave versions prior to 10.14.5 tvOS versions prior to 12.3 Safari versions prior to 12.1.1 iTunes for Windows versions prior to 12.9.5 iCloud for Windows versions prior to 7.12 **Description** The issue arises from multiple memory corruption problems that have been resolved through enhanced memory handling. Processing maliciously crafted web content may lead to arbitrary code execution. **Recommendations** Update to iOS 12.3 or later. Update to macOS Mojave 10.14.5 or later. Update to tvOS 12.3 or later. Update to Safari 12.1.1 or later. Update to iTunes for Windows 12.9.5 or later. Update to iCloud for Windows 7.12 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.2 iPadOS versions prior to 13.2 macOS Catalina versions prior to 10.15.1 tvOS versions prior to 13.2 watchOS versions prior to 6.1 **Description** A memory corruption issue was addressed with improved memory handling, which may allow an application to execute arbitrary code with kernel privileges. **Recommendations** For iOS versions prior to 13.2, update to iOS 13.2 or later. For iPadOS versions prior to 13.2, update to iPadOS 13.2 or later. For macOS Catalina versions prior to 10.15.1, update to macOS Catalina 10.15.1 or later. For tvOS versions prior to 13.2, update to tvOS 13.2 or later. For watchOS versions prior to 6.1, update to watchOS 6.1 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.2 tvOS versions prior to 12.2 Safari versions prior to 12.1 iTunes for Windows versions prior to 12.9.4 **Description** A memory corruption issue was addressed with improved validation, which could allow a sandboxed process to circumvent sandbox restrictions. **Recommendations** For iOS versions prior to 12.2, update to iOS 12.2 or later. For tvOS versions prior to 12.2, update to tvOS 12.2 or later. For Safari versions prior to 12.1, update to Safari 12.1 or later. For iTunes for Windows versions prior to 12.9.4, update to iTunes 12.9.4 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 79.0.3945.79 **Description** The issue is related to type confusion in JavaScript, which can be exploited by a remote attacker to potentially cause heap corruption via a crafted HTML page. This could allow the attacker to gain unauthorized access to confidential data, cause a denial of service, and impact data integrity. **Recommendations** For versions prior to 79.0.3945.79, update to version 79.0.3945.79 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 80.0.3987.87 **Description** The issue is related to type confusion in JavaScript, which can lead to heap corruption. A remote attacker can potentially exploit this issue via a crafted HTML page, allowing them to access confidential data, compromise data integrity, and cause a denial of service. **Recommendations** For versions prior to 80.0.3987.87, update to version 80.0.3987.87 or later to resolve the issue. As a temporary workaround, consider restricting access to potentially vulnerable HTML pages until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 79.0.3945.79 **Description** The issue is related to a type confusion in JavaScript, which can lead to heap corruption. A remote attacker can potentially exploit this issue via a crafted HTML page, allowing unauthorized access to sensitive information and potentially disrupting its integrity and availability. **Recommendations** For versions prior to 79.0.3945.79, update to version 79.0.3945.79 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** WebKitGTK (affected versions not specified) **Description** A vulnerability was found in WebKit. The flaw is triggered when processing maliciously crafted web content that may lead to arbitrary code execution. Improved memory handling addresses the multiple memory corruption issues. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 tvOS versions prior to 12.4 Safari versions prior to 12.1.2 iTunes for Windows versions prior to 12.9.6 iCloud for Windows versions prior to 7.13 and 10.6 **Description** The issue is related to memory corruption and use after free, which may lead to arbitrary code execution when processing maliciously crafted web content. This can allow a remote attacker to execute arbitrary code. **Recommendations** For iOS versions prior to 12.4, update to iOS 12.4 or later. For macOS Mojave versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later. For tvOS versions prior to 12.4, update to tvOS 12.4 or later. For Safari versions prior to 12.1.2, update to Safari 12.1.2 or later. For iTunes for Windows versions prior to 12.9.6, update to iTunes for Windows 12.9.6 or later. For iCloud for Windows versions prior to 7.13 and 10.6, update to iCloud for Windows 7.13 or 10.6 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.4 macOS Mojave versions prior to 10.14.6 tvOS versions prior to 12.4 watchOS versions prior to 5.3 Safari versions prior to 12.1.2 iTunes for Windows versions prior to 12.9.6 iCloud for Windows versions prior to 7.13 and 10.6 **Description** The issue is caused by a buffer overflow in memory, which may allow a remote attacker to execute arbitrary code using a specially crafted website. Processing maliciously crafted web content may lead to arbitrary code execution. **Recommendations** For iOS versions prior to 12.4, update to iOS 12.4 or later. For macOS Mojave versions prior to 10.14.6, update to macOS Mojave 10.14.6 or later. For tvOS versions prior to 12.4, update to tvOS 12.4 or later. For watchOS versions prior to 5.3, update to watchOS 5.3 or later. For Safari versions prior to 12.1.2, update to Safari 12.1.2 or later. For iTunes for Windows versions prior to 12.9.6, update to iTunes for Windows 12.9.6 or later. For iCloud for Windows versions prior to 7.13 and 10.6, update to iCloud for Windows 7.13 or 10.6 or later.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge (affected versions not specified) **Description** An information disclosure issue exists due to the scripting engine's improper handling of objects in memory. This could allow a remote attacker to disclose protected information using a specially crafted web page. The attacker could obtain information to further compromise the user's system. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 macOS Mojave versions prior to 10.14.5 tvOS versions prior to 12.3 Safari versions prior to 12.1.1 iTunes for Windows versions prior to 12.9.5 iCloud for Windows versions prior to 7.12 **Description** The issue is related to memory corruption and buffer overflow in memory, which may lead to arbitrary code execution when processing maliciously crafted web content. This can allow a remote attacker to execute arbitrary code. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 or later. For macOS Mojave versions prior to 10.14.5, update to macOS Mojave 10.14.5 or later. For tvOS versions prior to 12.3, update to tvOS 12.3 or later. For Safari versions prior to 12.1.1, update to Safari 12.1.1 or later. For iTunes for Windows versions prior to 12.9.5, update to iTunes for Windows 12.9.5 or later. For iCloud for Windows versions prior to 7.12, update to iCloud for Windows 7.12 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 macOS Mojave versions prior to 10.14.5 tvOS versions prior to 12.3 Safari versions prior to 12.1.1 iTunes for Windows versions prior to 12.9.5 iCloud for Windows versions prior to 7.12 **Description** The issue is related to multiple memory corruption problems, which can be exploited by processing maliciously crafted web content, potentially leading to arbitrary code execution. Exploitation of these issues may allow a remote attacker to execute arbitrary code using a specially crafted website. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 or later. For macOS Mojave versions prior to 10.14.5, update to macOS Mojave 10.14.5 or later. For tvOS versions prior to 12.3, update to tvOS 12.3 or later. For Safari versions prior to 12.1.1, update to Safari 12.1.1 or later. For iTunes for Windows versions prior to 12.9.5, update to iTunes for Windows 12.9.5 or later. For iCloud for Windows versions prior to 7.12, update to iCloud for Windows 7.12 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.3 macOS Mojave versions prior to 10.14.5 tvOS versions prior to 12.3 Safari versions prior to 12.1.1 iTunes for Windows versions prior to 12.9.5 iCloud for Windows versions prior to 7.12 **Description** The issue is related to multiple memory corruption problems, which can be exploited by processing maliciously crafted web content, potentially leading to arbitrary code execution. Exploitation of these issues may allow a remote attacker to execute arbitrary code using a specially crafted website. The estimated number of potentially affected devices worldwide is not specified. **Recommendations** For iOS versions prior to 12.3, update to iOS 12.3 or later. For macOS Mojave versions prior to 10.14.5, update to macOS Mojave 10.14.5 or later. For tvOS versions prior to 12.3, update to tvOS 12.3 or later. For Safari versions prior to 12.1.1, update to Safari 12.1.1 or later. For iTunes for Windows versions prior to 12.9.5, update to iTunes for Windows 12.9.5 or later. For iCloud for Windows versions prior to 7.12, update to iCloud for Windows 7.12 or later.

**Name of the Vulnerable Software and Affected Versions** Google Chrome versions prior to 74.0.3729.108 **Description** The issue is related to an integer overflow in the ANGLE library of Google Chrome, which could allow a remote attacker to exploit heap corruption via a crafted HTML page. This could potentially lead to data integrity issues, unauthorized access to protected information, and denial of service. **Recommendations** For versions prior to 74.0.3729.108, update to version 74.0.3729.108 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Microsoft Edge and Internet Explorer (affected versions not specified) **Description** A remote code execution issue exists due to errors in handling objects in memory by the scripting engine in Microsoft browsers. This could allow a remote attacker to execute arbitrary code in the context of the current user, potentially gaining the same user rights as the current user. If the current user has administrative rights, the attacker could take control of the affected system, enabling them to install programs, view, change, or delete data, or create new accounts with full user rights. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 12.1.3 tvOS versions prior to 12.1.2 Safari versions prior to 12.0.3 iTunes versions prior to 12.9.3 for Windows iCloud for Windows versions prior to 7.10 **Description** The issue is caused by a buffer overflow in memory, which may lead to arbitrary code execution when processing maliciously crafted web content. This can allow a remote attacker to execute arbitrary code using a specially crafted website. **Recommendations** For iOS versions prior to 12.1.3, update to iOS 12.1.3 or later. For tvOS versions prior to 12.1.2, update to tvOS 12.1.2 or later. For Safari versions prior to 12.0.3, update to Safari 12.0.3 or later. For iTunes versions prior to 12.9.3 for Windows, update to iTunes 12.9.3 or later for Windows. For iCloud for Windows versions prior to 7.10, update to iCloud for Windows 7.10 or later.