Willy R. Vasquez

**Name of the Vulnerable Software and Affected Versions** Apple TV versions prior to 1.5.0.152 iTunes versions prior to 12.13.3 **Description** A stack buffer overflow issue was addressed through improved input validation. Parsing a maliciously crafted video file may lead to unexpected system termination. **Recommendations** For Apple TV versions prior to 1.5.0.152, update to Apple TV 1.5.0.152 or later. For iTunes versions prior to 12.13.3, update to iTunes 12.13.3 or later.

**Name of the Vulnerable Software and Affected Versions** iTunes versions prior to 12.13.2 **Description** The issue was addressed with improved checks. Parsing a file may lead to an unexpected app termination or arbitrary code execution. **Recommendations** For versions prior to 12.13.2, update to iTunes 12.13.2 for Windows to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 16.2 iOS versions prior to 15.7.2 iPadOS versions prior to 16.2 iPadOS versions prior to 15.7.2 **Description** The issue is related to a buffer overflow in the graphics driver of iOS and iPadOS, caused by incorrect video rendering with H.264 encoding. This can lead to unexpected system termination when parsing a maliciously crafted video file. An attacker could exploit this issue to perform a denial-of-service (DoS) attack. **Recommendations** For iOS versions prior to 16.2, update to iOS 16.2 or later to resolve the issue. For iOS versions prior to 15.7.2, update to iOS 15.7.2 or later to resolve the issue. For iPadOS versions prior to 16.2, update to iPadOS 16.2 or later to resolve the issue. For iPadOS versions prior to 15.7.2, update to iPadOS 15.7.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 16.2 iPadOS versions prior to 16.2 **Description** The issue is related to a buffer overflow in memory due to incorrect video rendering with H.264 encoding. This can allow an attacker to execute arbitrary code with kernel privileges. The issue was addressed with improved memory handling. **Recommendations** For iOS versions prior to 16.2, update to iOS 16.2 or later to resolve the issue. For iPadOS versions prior to 16.2, update to iPadOS 16.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 15.7.1 iOS versions prior to 16.1 iPadOS versions prior to 15.7.1 iPadOS versions prior to 16 **Description** The issue is related to a buffer overflow in the graphics driver of iOS and iPadOS, caused by incorrect video rendering with H.264 encoding. This can allow an app to execute arbitrary code with kernel privileges. **Recommendations** For iOS versions prior to 15.7.1, update to iOS 15.7.1 or later. For iOS versions prior to 16.1, update to iOS 16.1 or later. For iPadOS versions prior to 15.7.1, update to iPadOS 15.7.1 or later. For iPadOS versions prior to 16, update to iPadOS 16 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 15.7.1 iPadOS versions prior to 15.7.1 iPadOS versions prior to 16 macOS Ventura versions prior to 13 **Description** A lock screen issue was addressed with improved state management, which may have allowed a user to view restricted content from the lock screen. **Recommendations** For iOS versions prior to 15.7.1, update to iOS 15.7.1 or later. For iPadOS versions prior to 15.7.1, update to iPadOS 15.7.1 or later. For iPadOS versions prior to 16, update to iPadOS 16 or later. For macOS Ventura versions prior to 13, update to macOS Ventura 13 or later.

**Name of the Vulnerable Software and Affected Versions** Firefox versions prior to 105 Firefox ESR versions prior to 102.3 Thunderbird versions prior to 102.3 **Description** The issue is related to an out-of-bounds read that occurs when decoding H.264 video, potentially leading to a crash. This can be exploited by an attacker to perform a denial-of-service (DoS) attack using a specially crafted video file. **Recommendations** For Firefox versions prior to 105, update to version 105 or later to resolve the issue. For Firefox ESR versions prior to 102.3, update to version 102.3 or later to resolve the issue. For Thunderbird versions prior to 102.3, update to version 102.3 or later to resolve the issue.