Zhongcheng Li

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.7 iPadOS versions prior to 18.7.7 macOS Sonoma versions prior to 14.8.5 macOS Tahoe versions prior to 26.4 tvOS versions prior to 26.4 visionOS versions prior to 26.4 watchOS versions prior to 26.4 **Description** An application may be able to list the applications installed on a user's device, potentially revealing private information. **Recommendations** Update iOS to version 18.7.7. Update iPadOS to version 18.7.7. Update macOS Sonoma to version 14.8.5. Update macOS Tahoe to version 26.4. Update tvOS to version 26.4. Update visionOS to version 26.4. Update watchOS to version 26.4.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 26.3 iPadOS versions prior to 26.3 iOS versions prior to 18.7.5 iPadOS versions prior to 18.7.5 **Description** An application may be capable of listing the applications installed on a user's device. The issue was addressed by sanitizing logging mechanisms. **Recommendations** Update to iOS version 26.3 or later. Update to iPadOS version 26.3 or later. Update to iOS version 18.7.5 or later. Update to iPadOS version 18.7.5 or later.

**Name of the Vulnerable Software and Affected Versions** visionOS versions prior to 26.2 iOS versions prior to 26.2 iPadOS versions prior to 26.2 watchOS versions prior to 26.2 macOS versions prior to Tahoe 26.2 **Description** An issue involving insufficient permissions restrictions was identified. This could allow an application to access sensitive payment tokens. **Recommendations** Update visionOS to version 26.2. Update iOS to version 26.2. Update iPadOS to version 26.2. Update watchOS to version 26.2. Update macOS to Tahoe version 26.2.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Sonoma 14.8.2 macOS versions prior to Sequoia 15.7.2 **Description** An application may be able to modify protected parts of the file system due to insufficient validation of symlinks. The issue was addressed with improved symlink validation. **Recommendations** Update to macOS Sonoma version 14.8.2 or later. Update to macOS Sequoia version 15.7.2 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 18.7.2 iPadOS versions prior to 18.7.2 **Description** A permissions issue existed that allowed an application to potentially fingerprint a user. Additional restrictions were implemented to address this issue. **Recommendations** Update to iOS version 18.7.2 or later. Update to iPadOS version 18.7.2 or later.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 26.1 iOS versions prior to 26.1 iPadOS versions prior to 26.1 tvOS versions prior to 26.1 visionOS versions prior to 26.1 **Description** A permissions issue existed that allowed an application to potentially list the applications installed on a user's device. This issue was resolved through the implementation of additional restrictions. **Recommendations** Update watchOS to version 26.1. Update iOS to version 26.1. Update iPadOS to version 26.1. Update tvOS to version 26.1. Update visionOS to version 26.1.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Sonoma 14.8 macOS versions prior to Tahoe 26 **Description** A permissions issue existed where an app could potentially access protected user data. This was addressed by adding additional restrictions. **Recommendations** Update to macOS Sonoma version 14.8. Update to macOS Tahoe version 26.

**Name of the Vulnerable Software and Affected Versions** macOS Big Sur versions prior to 11.5 **Description** A malicious application may be able to gain root privileges due to this issue. The estimated number of potentially affected devices worldwide is not specified. This issue was addressed with improved checks. **Recommendations** For versions prior to 11.5, update to macOS Big Sur 11.5 to resolve the issue. As a temporary workaround, consider restricting access to sensitive resources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Big Sur 11.4 iOS versions prior to 14.6 iPadOS versions prior to 14.6 watchOS versions prior to 7.5 **Description** A validation issue existed in the handling of symlinks, which has been addressed with improved validation. This could have allowed a malicious application to gain root privileges. **Recommendations** For macOS versions prior to Big Sur 11.4, update to macOS Big Sur 11.4 or later. For iOS versions prior to 14.6, update to iOS 14.6 or later. For iPadOS versions prior to 14.6, update to iPadOS 14.6 or later. For watchOS versions prior to 7.5, update to watchOS 7.5 or later.

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 11.2 Security Update versions prior to 2021-001 Catalina Security Update versions prior to 2021-001 Mojave Description: A logic issue was addressed with improved state management, which could allow a local attacker to elevate their privileges. Recommendations: For macOS versions prior to 11.2, update to macOS Big Sur 11.2. For Security Update versions prior to 2021-001 Catalina, apply Security Update 2021-001 Catalina. For Security Update versions prior to 2021-001 Mojave, apply Security Update 2021-001 Mojave.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.6 iPadOS versions prior to 13.6 macOS Catalina versions prior to 10.15.6 tvOS versions prior to 13.4.8 **Description** The issue existed within the path validation logic for symlinks, which was addressed with improved path sanitization. A local attacker may be able to elevate their privileges. **Recommendations** For iOS versions prior to 13.6, update to iOS 13.6 or later. For iPadOS versions prior to 13.6, update to iPadOS 13.6 or later. For macOS Catalina versions prior to 10.15.6, update to macOS Catalina 10.15.6 or later. For tvOS versions prior to 13.4.8, update to tvOS 13.4.8 or later.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 13.6 iPadOS versions prior to 13.6 macOS Catalina versions prior to 10.15.6 tvOS versions prior to 13.4.8 watchOS versions prior to 6.2.8 **Description** An issue existed within the path validation logic for symlinks, which was addressed with improved path sanitization. A local attacker may be able to elevate their privileges. **Recommendations** For iOS versions prior to 13.6, update to iOS 13.6 or later. For iPadOS versions prior to 13.6, update to iPadOS 13.6 or later. For macOS Catalina versions prior to 10.15.6, update to macOS Catalina 10.15.6 or later. For tvOS versions prior to 13.4.8, update to tvOS 13.4.8 or later. For watchOS versions prior to 6.2.8, update to watchOS 6.2.8 or later.

**Name of the Vulnerable Software and Affected Versions** Oracle VM VirtualBox versions prior to 5.2.44 Oracle VM VirtualBox versions prior to 6.0.24 Oracle VM VirtualBox versions prior to 6.1.12 **Description** The issue is related to insufficient input validation in the Core component of Oracle VM VirtualBox. Exploitation of this issue may allow an attacker to impact the confidentiality, integrity, and availability of protected information. The vulnerability can be easily exploited by a highly privileged attacker with logon access to the infrastructure where Oracle VM VirtualBox is executed, and successful attacks require human interaction from a person other than the attacker. This can result in the takeover of Oracle VM VirtualBox. **Recommendations** For versions prior to 5.2.44, update to version 5.2.44 or later. For versions prior to 6.0.24, update to version 6.0.24 or later. For versions prior to 6.1.12, update to version 6.1.12 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 10.15.5 **Description** A validation issue existed in the handling of symlinks, which could allow a local attacker to elevate their privileges. This issue was addressed with improved validation of symlinks. **Recommendations** For versions prior to 10.15.5, update to macOS Catalina 10.15.5 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** LibreOffice versions prior to 6.1.6 LibreOffice versions 6.2 series prior to 6.2.3 **Description** The issue exists due to insufficient input validation in LibreOffice's hyperlink processing, allowing an attacker to construct documents with hyperlinks that point to an executable on the target user's file system. If the hyperlink is activated, the executable target is launched unconditionally. This affects the confidentiality, integrity, and availability of protected information. **Recommendations** For versions prior to 6.1.6, update to version 6.1.6 or later. For versions 6.2 series prior to 6.2.3, update to version 6.2.3 or later. As a temporary workaround, consider avoiding the use of hyperlinks in LibreOffice documents until a patch is applied.

Name of the Vulnerable Software and Affected Versions: Oracle WebLogic Server versions 10.3.6.0.0 and 12.1.3.0.0 Description: The issue is related to the Oracle WebLogic Server component of Oracle Fusion Middleware, specifically the Web Services subcomponent. It is an easily exploitable vulnerability that allows an unauthenticated attacker with network access via HTTP to compromise the Oracle WebLogic Server. Successful attacks can result in the takeover of the Oracle WebLogic Server. The vulnerability is associated with flaws in the deserialization mechanism of the WLS9 ASYNC and WLS-WSAT components, which can be exploited by sending a specially crafted HTTP request. Recommendations: For Oracle WebLogic Server version 10.3.6.0.0, update to a version that includes the official fix. For Oracle WebLogic Server version 12.1.3.0.0, update to a version that includes the official fix. As a temporary workaround, consider restricting access to the Web Services subcomponent until a patch is available.