Ye Zhang

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Tahoe 26 **Description** An out-of-bounds read issue existed due to insufficient bounds checking. This could allow a malicious application to disclose coprocessor memory. **Recommendations** Update to macOS Tahoe 26 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Sonoma 14.8 macOS versions prior to Sequoia 15.7 macOS Tahoe version 26 **Description** A permissions issue existed where an application could potentially modify protected areas of the file system. The issue was resolved by removing the vulnerable code. **Recommendations** Update to macOS Sonoma version 14.8 or later. Update to macOS Sequoia version 15.7 or later. Update to macOS Tahoe version 26.

**Name of the Vulnerable Software and Affected Versions** Samsung Notes versions prior to 4.4.26.71 **Description** The issue is related to an out-of-bounds read when applying binary of pdf content. This allows attackers to read out-of-bounds memory. **Recommendations** For versions prior to 4.4.26.71, update to version 4.4.26.71 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Samsung Notes versions prior to 4.4.26.71 **Description** The issue is related to an out-of-bounds read when applying binary data to text in Samsung Notes. This could potentially allow local attackers to read memory. **Recommendations** For versions prior to 4.4.26.71, update to version 4.4.26.71 or later to resolve the issue.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.2 Description: An out-of-bounds access issue was addressed with improved bounds checking. This issue may allow an attacker to cause unexpected system termination or arbitrary code execution in DCP firmware. Recommendations: For versions prior to 15.2, update to macOS Sequoia 15.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.2 watchOS versions prior to 11.2 tvOS versions prior to 18.2 iOS versions prior to 18.2 iPadOS versions prior to 18.2 **Description** The issue is related to a buffer overflow in the IOMobileFrameBuffer component of MacOs, tvOS, watchOS, iPadOS, and iOS operating systems. This can allow an attacker to impact the confidentiality, integrity, and availability of protected information. An app may be able to corrupt coprocessor memory. **Recommendations** For macOS versions prior to 15.2, update to macOS Sequoia 15.2 to resolve the issue. For watchOS versions prior to 11.2, update to watchOS 11.2 to resolve the issue. For tvOS versions prior to 18.2, update to tvOS 18.2 to resolve the issue. For iOS versions prior to 18.2, update to iOS 18.2 to resolve the issue. For iPadOS versions prior to 18.2, update to iPadOS 18.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 15.2 watchOS versions prior to 11.2 tvOS versions prior to 18.2 iOS versions prior to 18.2 iPadOS versions prior to 18.2 **Description** The issue is related to a memory reading problem beyond the allowed range in the IOMobileFrameBuffer component of MacOs, tvOS, watchOS, iPadOS, and iOS operating systems. This may allow an attacker to compromise data integrity. An app may be able to corrupt coprocessor memory. **Recommendations** For macOS versions prior to 15.2, update to macOS Sequoia 15.2 to resolve the issue. For watchOS versions prior to 11.2, update to watchOS 11.2 to resolve the issue. For tvOS versions prior to 18.2, update to tvOS 18.2 to resolve the issue. For iOS versions prior to 18.2, update to iOS 18.2 to resolve the issue. For iPadOS versions prior to 18.2, update to iPadOS 18.2 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.1 iPadOS versions prior to 18.1 **Description** The issue was addressed with improved bounds checks. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. **Recommendations** For iOS versions prior to 18.1, update to iOS 18.1 to resolve the issue. For iPadOS versions prior to 18.1, update to iPadOS 18.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.1 iPadOS versions prior to 18.1 **Description** The issue was addressed with improved bounds checks. An attacker may be able to cause unexpected system termination or arbitrary code execution in DCP firmware. **Recommendations** For iOS versions prior to 18.1, update to iOS 18.1 to resolve the issue. For iPadOS versions prior to 18.1, update to iPadOS 18.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 14.6 **Description** An out-of-bounds write issue was addressed with improved input validation. This issue may allow an app to cause a coprocessor crash. **Recommendations** For macOS versions prior to 14.6, update to macOS Sonoma 14.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 13.6.8 macOS Sonoma versions prior to 14.5 macOS Monterey versions prior to 12.7.6 watchOS versions prior to 10.5 visionOS versions prior to 1.3 tvOS versions prior to 17.5 iOS versions prior to 17.5 iPadOS versions prior to 17.5 **Description** The issue was addressed with improved memory handling. An app may be able to execute arbitrary code with kernel privileges. **Recommendations** For macOS Ventura, update to version 13.6.8. For macOS Sonoma, update to version 14.5. For macOS Monterey, update to version 12.7.6. For watchOS, update to version 10.5. For visionOS, update to version 1.3. For tvOS, update to version 17.5. For iOS, update to version 17.5. For iPadOS, update to version 17.5.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 10.3 tvOS versions prior to 17.3 iOS versions prior to 17.3 iPadOS versions prior to 17.3 macOS Sonoma versions prior to 14.3 iOS versions prior to 16.7.5 iPadOS versions prior to 16.7.5 macOS Ventura versions prior to 13.6.4 macOS Monterey versions prior to 12.7.3 **Description** The issue is related to improved memory handling and may allow an app to execute arbitrary code with kernel privileges. It is also associated with a buffer overflow in the Apple Neural Engine (ANE) of Mac OS, tvOS, watchOS, iOS, and iPadOS, which can lead to privilege escalation, arbitrary code execution, or denial of service. **Recommendations** For watchOS versions prior to 10.3, update to watchOS 10.3. For tvOS versions prior to 17.3, update to tvOS 17.3. For iOS versions prior to 17.3, update to iOS 17.3. For iPadOS versions prior to 17.3, update to iPadOS 17.3. For macOS Sonoma versions prior to 14.3, update to macOS Sonoma 14.3. For iOS versions prior to 16.7.5, update to iOS 16.7.5. For iPadOS versions prior to 16.7.5, update to iPadOS 16.7.5. For macOS Ventura versions prior to 13.6.4, update to macOS Ventura 13.6.4. For macOS Monterey versions prior to 12.7.3, update to macOS Monterey 12.7.3.

**Name of the Vulnerable Software and Affected Versions** macOS Ventura versions prior to 13.6 macOS Monterey versions prior to 12.7 tvOS versions prior to 17 watchOS versions prior to 10 iOS versions prior to 17 iPadOS versions prior to 17 **Description** The issue is caused by a buffer overflow in the Neural Engine component of the operating systems, allowing an app to execute arbitrary code with kernel privileges. This is due to improved memory handling. **Recommendations** For macOS Ventura versions prior to 13.6, update to macOS Ventura 13.6. For macOS Monterey versions prior to 12.7, update to macOS Monterey 12.7. For tvOS versions prior to 17, update to tvOS 17. For watchOS versions prior to 10, update to watchOS 10. For iOS versions prior to 17, update to iOS 17. For iPadOS versions prior to 17, update to iPadOS 17.

**Name of the Vulnerable Software and Affected Versions** Linux kernel (affected versions not specified) **Description** The issue is related to a possible use-after-free (UAF) vulnerability in the `amdgpu cs pass1()` function. This vulnerability may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability is caused by the `gang size` check being outside of the chunk parsing loop, which requires resetting `i` before freeing the chunk data. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** macOS Ventura versions prior to 13.3 iOS versions prior to 16.4 iPadOS versions prior to 16.4 iOS versions prior to 15.7.4 iPadOS versions prior to 15.7.4 tvOS versions prior to 16.4 watchOS versions prior to 9.4 **Description** The issue was addressed with improved memory handling. Processing a maliciously crafted image may result in disclosure of process memory. **Recommendations** For macOS Ventura versions prior to 13.3, update to macOS Ventura 13.3. For iOS versions prior to 16.4, update to iOS 16.4. For iPadOS versions prior to 16.4, update to iPadOS 16.4. For iOS versions prior to 15.7.4, update to iOS 15.7.4. For iPadOS versions prior to 15.7.4, update to iPadOS 15.7.4. For tvOS versions prior to 16.4, update to tvOS 16.4. For watchOS versions prior to 9.4, update to watchOS 9.4.

**Name of the Vulnerable Software and Affected Versions** macOS Big Sur versions prior to 11.7.5 macOS Ventura versions prior to 13.3 macOS Monterey versions prior to 12.6.4 iOS versions prior to 16.4 iOS versions prior to 15.7.4 iPadOS versions prior to 16.4 iPadOS versions prior to 15.7.4 **Description** An out-of-bounds write issue was addressed with improved input validation. Processing a font file may lead to arbitrary code execution. The issue is related to the FontParser component and can allow an attacker to execute arbitrary code. **Recommendations** For macOS Big Sur versions prior to 11.7.5, update to macOS Big Sur 11.7.5. For macOS Ventura versions prior to 13.3, update to macOS Ventura 13.3. For macOS Monterey versions prior to 12.6.4, update to macOS Monterey 12.6.4. For iOS versions prior to 16.4, update to iOS 16.4. For iOS versions prior to 15.7.4, update to iOS 15.7.4. For iPadOS versions prior to 16.4, update to iPadOS 16.4. For iPadOS versions prior to 15.7.4, update to iPadOS 15.7.4.

**Name of the Vulnerable Software and Affected Versions** Apple tvOS versions prior to 15.6 Apple iOS versions prior to 15.6 Apple iPadOS versions prior to 15.6 **Description** An out-of-bounds read issue was addressed with improved bounds checking. Processing a maliciously crafted image may lead to disclosure of user information. **Recommendations** For tvOS versions prior to 15.6, update to tvOS 15.6 or later. For iOS versions prior to 15.6, update to iOS 15.6 or later. For iPadOS versions prior to 15.6, update to iPadOS 15.6 or later.

**Name of the Vulnerable Software and Affected Versions** Apple macOS versions prior to macOS Big Sur 11.6.8 Apple macOS versions prior to macOS Monterey 12.5 Apple macOS Catalina version with Security Update 2022-005 **Description** The issue concerns the processing of maliciously crafted AppleScript binaries, which may lead to unexpected termination or disclosure of process memory. This is related to untrusted pointer dereference and out-of-bounds read issues in AppleScript binary parsing. **Recommendations** For macOS Catalina, apply Security Update 2022-005 to resolve the issue. For macOS Big Sur, update to version 11.6.8 or later to resolve the issue. For macOS Monterey, update to version 12.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.6.8 macOS versions prior to 12.5 macOS Catalina (affected versions not specified), with fix in Security Update 2022-005 **Description** The issue is related to an out-of-bounds read that can be triggered by processing a maliciously crafted AppleScript binary. This may result in unexpected termination or disclosure of process memory. The estimated number of potentially affected devices and details about real-world incidents are not provided. **Recommendations** For macOS versions prior to 11.6.8, update to macOS Big Sur 11.6.8 or later. For macOS versions prior to 12.5, update to macOS Monterey 12.5 or later. For macOS Catalina, apply Security Update 2022-005.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 11.6.8 macOS versions prior to 12.5 **Description** An out-of-bounds read issue was addressed with improved input validation. Processing a maliciously crafted AppleScript binary may result in unexpected termination or disclosure of process memory. **Recommendations** For macOS versions prior to 11.6.8, update to macOS Big Sur 11.6.8 or later. For macOS versions prior to 12.5, update to macOS Monterey 12.5 or later. As a temporary workaround, consider restricting the use of AppleScript binaries until a patch is available.