Wenchao Li

Name of the Vulnerable Software and Affected Versions: visionOS versions prior to 2.1 iOS versions prior to 18.1 iPadOS versions prior to 18.1 iOS versions prior to 17.7.1 iPadOS versions prior to 17.7.1 tvOS versions prior to 18.1 macOS Sonoma versions prior to 14.7.1 watchOS versions prior to 11.1 macOS Ventura versions prior to 13.7.1 Description: A denial-of-service issue was addressed with improved input validation. A remote attacker may be able to cause a denial-of-service. Recommendations: Update to visionOS 2.1 or later. Update to iOS 18.1 or later. Update to iPadOS 18.1 or later. Update to iOS 17.7.1 or later. Update to iPadOS 17.7.1 or later. Update to tvOS 18.1 or later. Update to macOS Sonoma 14.7.1 or later. Update to watchOS 11.1 or later. Update to macOS Ventura 13.7.1 or later.

**Name of the Vulnerable Software and Affected Versions** exempi versions 2.5.0 and earlier **Description** The issue is related to a Buffer Overflow vulnerability in the `ID3 Support::ID3v2Frame::getFrameValue` function. This vulnerability can be exploited by remote attackers to cause a denial of service via the opening of a crafted audio file with an ID3V2 frame. The vulnerability is associated with a buffer overflow in memory, which can be triggered by a specially crafted audio file. **Recommendations** For exempi versions 2.5.0 and earlier, consider updating to a version that contains a fix for this issue, as no specific workaround or mitigation measures are provided for these versions. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** exempi versions 2.5.0 and earlier **Description** The issue allows remote attackers to cause a denial of service via the opening of crafted webp files. This is due to a Buffer Overflow vulnerability in the WEBP Support.cpp file. **Recommendations** For versions 2.5.0 and earlier, consider disabling the processing of webp files until a patch is available to prevent potential denial of service attacks. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS Ventura versions prior to 13.5 **Description** The issue allows an app to bypass Privacy preferences. It was addressed with improved checks. **Recommendations** For macOS Ventura versions prior to 13.5, update to macOS Ventura 13.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 9.5 iOS versions prior to 15.7.6 and prior to 16.5 iPadOS versions prior to 15.7.6 and prior to 16.5 macOS versions prior to Ventura 13.4 **Description** The issue is related to insufficient warnings about dangerous actions, which may allow an attacker to bypass existing security restrictions. A shortcut may be able to use sensitive data with certain actions without prompting the user. **Recommendations** For watchOS versions prior to 9.5, update to watchOS 9.5 or later. For iOS versions prior to 15.7.6, update to iOS 15.7.6 or later. For iOS versions prior to 16.5, update to iOS 16.5 or later. For iPadOS versions prior to 15.7.6, update to iPadOS 15.7.6 or later. For iPadOS versions prior to 16.5, update to iPadOS 16.5 or later. For macOS versions prior to Ventura 13.4, update to macOS Ventura 13.4 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 15.7.6 iPadOS versions prior to 15.7.6 macOS Big Sur versions prior to 11.7.7 macOS Monterey versions prior to 12.6.6 macOS Ventura versions prior to 13.4 **Description** A logic issue was addressed with improved state management, which may allow an app to modify protected parts of the file system. **Recommendations** For iOS versions prior to 15.7.6, update to iOS 15.7.6 or later. For iPadOS versions prior to 15.7.6, update to iPadOS 15.7.6 or later. For macOS Big Sur versions prior to 11.7.7, update to macOS Big Sur 11.7.7 or later. For macOS Monterey versions prior to 12.6.6, update to macOS Monterey 12.6.6 or later. For macOS Ventura versions prior to 13.4, update to macOS Ventura 13.4 or later.

**Name of the Vulnerable Software and Affected Versions** macOS Ventura versions prior to 13.3 macOS Monterey versions prior to 12.6.4 iOS versions prior to 16.4 iOS versions prior to 15.7.4 iPadOS versions prior to 16.4 iPadOS versions prior to 15.7.4 tvOS versions prior to 16.4 watchOS versions prior to 9.4 **Description** The issue allows a shortcut to use sensitive data with certain actions without prompting the user. This was addressed with additional permissions checks. **Recommendations** For macOS Ventura versions prior to 13.3, update to macOS Ventura 13.3. For macOS Monterey versions prior to 12.6.4, update to macOS Monterey 12.6.4. For iOS versions prior to 16.4, update to iOS 16.4. For iOS versions prior to 15.7.4, update to iOS 15.7.4. For iPadOS versions prior to 16.4, update to iPadOS 16.4. For iPadOS versions prior to 15.7.4, update to iPadOS 15.7.4. For tvOS versions prior to 16.4, update to tvOS 16.4. For watchOS versions prior to 9.4, update to watchOS 9.4.

**Name of the Vulnerable Software and Affected Versions** macOS Ventura versions prior to 13.2.1 **Description** The issue is related to insecure temporary files in the Shortcuts component of macOS Ventura, which may allow an attacker to access confidential information. This privacy issue can be exploited by an app to observe unprotected user data due to improper handling of temporary files. **Recommendations** For macOS Ventura versions prior to 13.2.1, update to version 13.2.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive data until the update is applied.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 13.5 Apple iPadOS versions prior to 13.5 Apple macOS Catalina versions prior to 10.15.5 Apple tvOS versions prior to 13.4.5 Apple watchOS versions prior to 6.2.5 Apple iTunes for Windows versions prior to 12.10.7 Apple iCloud for Windows versions prior to 11.2 and 7.19 **Description** The issue is related to an out-of-bounds write problem, which has been addressed with improved bounds checking. Processing a maliciously crafted image may lead to arbitrary code execution. The vulnerability can be exploited by a remote attacker to execute arbitrary code. **Recommendations** For iOS versions prior to 13.5, update to iOS 13.5 or later. For iPadOS versions prior to 13.5, update to iPadOS 13.5 or later. For macOS Catalina versions prior to 10.15.5, update to macOS Catalina 10.15.5 or later. For tvOS versions prior to 13.4.5, update to tvOS 13.4.5 or later. For watchOS versions prior to 6.2.5, update to watchOS 6.2.5 or later. For iTunes for Windows versions prior to 12.10.7, update to iTunes 12.10.7 or later. For iCloud for Windows versions prior to 11.2 and 7.19, update to iCloud for Windows 11.2 or later, and 7.19 or later.