Zhengyu Dong

**Name of the Vulnerable Software and Affected Versions** Tencent WeChat versions prior to 7.0.9 **Description** This issue allows remote attackers to redirect users to an external resource on affected installations. User interaction is required, as the target must be within a chat session with the attacker. The flaw exists within the parsing of a user's profile, specifically in the failure to properly validate a user's name, stored in the `name` variable. An attacker can leverage this, potentially in conjunction with other issues, to execute code in the context of the current process. **Recommendations** For versions prior to 7.0.9, update to version 7.0.9 or later to resolve the issue. As a temporary workaround, consider restricting user interactions within chat sessions to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 12.1.1 Apple macOS versions prior to 10.14.2 Apple tvOS versions prior to 12.1.1 Apple watchOS versions prior to 5.1.2 **Description** A memory corruption issue was addressed with improved state management. The issue is related to a Use-After-Free Privilege Escalation Vulnerability in Apple macOS. **Recommendations** For Apple iOS versions prior to 12.1.1, update to iOS 12.1.1 or later. For Apple macOS versions prior to 10.14.2, update to macOS 10.14.2 or later. For Apple tvOS versions prior to 12.1.1, update to tvOS 12.1.1 or later. For Apple watchOS versions prior to 5.1.2, update to watchOS 5.1.2 or later.