Xnyhps

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 14.1 **Description** The issue is related to insufficient access control in the LaunchServices component of the macOS operating system, which may allow an app to access sensitive user data. The issue was addressed with improved permissions logic. **Recommendations** For versions prior to 14.1, update to macOS Sonoma 14.1 to resolve the issue. As a temporary workaround, consider restricting access to sensitive user data until the update is applied.

**Name of the Vulnerable Software and Affected Versions** macOS Big Sur versions 11.7.7 and earlier macOS Monterey versions 12.6.6 and earlier macOS Ventura versions 13.4 and earlier **Description** A logic issue was addressed with improved checks, which may allow an app to gain root privileges. The issue is related to insecure privilege management in the libxpc library of MacOS operating systems, potentially allowing an attacker to execute arbitrary code with root privileges. **Recommendations** For macOS Big Sur versions 11.7.7 and earlier, update to macOS Big Sur 11.7.7 or later. For macOS Monterey versions 12.6.6 and earlier, update to macOS Monterey 12.6.6 or later. For macOS Ventura versions 13.4 and earlier, update to macOS Ventura 13.4 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.7.2 macOS versions prior to 12.6.2 macOS versions prior to 13.1 **Description** A type confusion issue was addressed with improved checks. Processing a maliciously crafted package may lead to arbitrary code execution. **Recommendations** For macOS versions prior to 11.7.2, update to macOS Big Sur 11.7.2. For macOS versions prior to 12.6.2, update to macOS Monterey 12.6.2. For macOS versions prior to 13.1, update to macOS Ventura 13.1.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 13 **Description** The issue allows an app to modify protected parts of the file system. This was addressed with improved data protection. **Recommendations** For versions prior to 13, update to macOS Ventura 13 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.5 macOS Big Sur versions prior to 11.6.8 Security Update versions prior to 2022-005 Catalina **Description** An access issue was addressed with improvements to the sandbox, allowing an app to potentially access sensitive user information. **Recommendations** For macOS versions prior to 12.5, update to macOS Monterey 12.5. For macOS Big Sur versions prior to 11.6.8, update to macOS Big Sur 11.6.8. For Security Update versions prior to 2022-005 Catalina, apply Security Update 2022-005 Catalina.

**Name of the Vulnerable Software and Affected Versions** Windows versions prior to the fixed version **Description** The issue is related to a Transport Layer Security (TLS) protocol implementation flaw in Windows operating systems, specifically concerning session fixation weaknesses. This can be exploited by a remote attacker to gain unauthorized access to protected information by connecting to a peer node. The vulnerability allows for spoofing when TLS accesses non-Extended Master Secret (EMS) sessions. **Recommendations** For Windows versions prior to the fixed version, apply the necessary security updates to resolve the issue. As a temporary workaround, consider restricting access to TLS sessions to minimize the risk of exploitation. Avoid using non-Extended Master Secret (EMS) sessions in TLS until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Jabber Open Source Server versions 2.3.2 and earlier **Description** The issue allows remote authenticated users to potentially read system memory or have other unspecified impact by providing a crafted JID, due to the truncation of data without ensuring it remains valid UTF-8. **Recommendations** For versions 2.3.2 and earlier, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** libin versions prior to 1.31 jabberd2 (affected versions not specified) **Description** The issue allows context-dependent attackers to read system memory and possibly have other unspecified impact via invalid UTF-8 characters in a string, which triggers an out-of-bounds read. This occurs due to a vulnerability in the `stringprep utf8 to ucs4` function. **Recommendations** For libin versions prior to 1.31, update to version 1.31 or later to resolve the issue. For jabberd2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.