Zhongquan Li

**Name of the Vulnerable Software and Affected Versions** macOS Tahoe versions prior to 26.4 **Description** An issue in the macOS Archive Utility allows a malicious application to access arbitrary files by breaking App Sandbox Data Containers and Transparency, Consent, and Control (TCC). The flaw enables an attacker to swap a signed application's executable on disk to bypass code signing protections. Exploitation requires the victim to execute an attacker-provided shell script and be deceived into performing a drag-and-drop action. **Recommendations** Update macOS Tahoe to version 26.4.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Sonoma 14.8 macOS versions prior to Sequoia 15.7 macOS Tahoe versions prior to 26 **Description** A permissions issue existed where an application could potentially access protected user data. This was addressed by implementing additional restrictions. **Recommendations** Update to macOS Sonoma version 14.8 or later. Update to macOS Sequoia version 15.7 or later. Update to macOS Tahoe version 26 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 14.7.7 macOS versions prior to 13.7.7 macOS versions prior to 15.6 **Description** A parsing issue in the handling of directory paths existed due to insufficient path validation. This could allow an application to access protected user data. **Recommendations** Update to macOS version 14.7.7 or later. Update to macOS version 13.7.7 or later. Update to macOS version 15.6 or later.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to Sequoia 15.6 macOS versions prior to Sonoma 14.7.7 **Description** An application may be able to hijack entitlements granted to other privileged applications due to improved data protection. **Recommendations** Update to macOS Sequoia 15.6. Update to macOS Sonoma 14.7.7.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 13.7.3 macOS versions prior to 14.7.3 macOS versions prior to 15.3 **Description** The issue is related to insecure storage of confidential information in the MacOs operating system's Security component. It may allow an attacker to gain unauthorized access to protected information. This issue was addressed with improved validation of symlinks. An app may be able to access protected user data. **Recommendations** For macOS versions prior to 13.7.3, update to macOS Ventura 13.7.3 to resolve the issue. For macOS versions prior to 14.7.3, update to macOS Sonoma 14.7.3 to resolve the issue. For macOS versions prior to 15.3, update to macOS Sequoia 15.3 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 13.7.1 macOS versions prior to 14.7.1 **Description** An access issue was addressed with additional sandbox restrictions. This issue allows an app to potentially access user-sensitive data. **Recommendations** For macOS versions prior to 13.7.1, update to macOS Ventura 13.7.1 to resolve the issue. For macOS versions prior to 14.7.1, update to macOS Sonoma 14.7.1 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS Sonoma versions prior to 14.7 macOS Sequoia versions prior to 15 **Description** A permissions issue was addressed with additional restrictions. This issue may allow an app to access protected user data. The issue is related to a sandboxed app bypassing TCC protections. **Recommendations** For macOS Sonoma versions prior to 14.7, update to macOS Sonoma 14.7 to resolve the issue. For macOS Sequoia versions prior to 15, update to macOS Sequoia 15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 14.7 macOS Sequoia versions prior to 15 **Description** A malicious application may be able to leak sensitive user information due to inadequate checks. The issue was addressed with improved checks. **Recommendations** For macOS versions prior to 14.7, update to macOS Sonoma 14.7 to resolve the issue. For macOS Sequoia versions prior to 15, update to macOS Sequoia 15 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 13.7 macOS versions prior to 14.7 macOS versions prior to 15 **Description** The issue allows a malicious application to access private information. It was addressed with improved checks. **Recommendations** For versions prior to 13.7, update to macOS Ventura 13.7. For versions prior to 14.7, update to macOS Sonoma 14.7. For versions prior to 15, update to macOS Sequoia 15.

**Name of the Vulnerable Software and Affected Versions** macOS versions prior to 12.7.6 macOS versions prior to 13.6.8 macOS versions prior to 14.6 **Description** The issue allows an app to potentially access user-sensitive data. This was addressed with improved checks. **Recommendations** For macOS versions prior to 12.7.6, update to macOS Monterey 12.7.6. For macOS versions prior to 13.6.8, update to macOS Ventura 13.6.8. For macOS versions prior to 14.6, update to macOS Sonoma 14.6.

**Name of the Vulnerable Software and Affected Versions** watchOS versions prior to 10.6 macOS Sonoma versions prior to 14.6 iOS versions prior to 17.6 iPadOS versions prior to 17.6 tvOS versions prior to 17.6 **Description** The issue allows an app to bypass Privacy preferences. This was addressed through improved state management. **Recommendations** For watchOS versions prior to 10.6, update to watchOS 10.6. For macOS Sonoma versions prior to 14.6, update to macOS Sonoma 14.6. For iOS versions prior to 17.6, update to iOS 17.6. For iPadOS versions prior to 17.6, update to iPadOS 17.6. For tvOS versions prior to 17.6, update to tvOS 17.6.

**Name of the Vulnerable Software and Affected Versions** macOS Sonoma versions prior to 14.6 iOS versions prior to 17.6 iPadOS versions prior to 17.6 **Description** A path handling issue was addressed with improved validation, which may allow an app to access protected user data. **Recommendations** For macOS Sonoma versions prior to 14.6, update to macOS Sonoma 14.6 to resolve the issue. For iOS versions prior to 17.6, update to iOS 17.6 to resolve the issue. For iPadOS versions prior to 17.6, update to iPadOS 17.6 to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue is related to a type confusion vulnerability. Successful exploitation of this vulnerability could cause a denial of service. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue is related to a type confusion vulnerability. Successful exploitation of this vulnerability could cause an information leak. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue is related to a type confusion vulnerability. Successful exploitation of this vulnerability could cause an information leak. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue is related to a type confusion vulnerability. Successful exploitation of this vulnerability could cause an information leak. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue is related to an out of bounds read vulnerability. Successful exploitation of this vulnerability could cause an information leak. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue is related to a type confusion vulnerability. Successful exploitation of this vulnerability could cause an information leak. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue is related to a type confusion vulnerability. Successful exploitation of this vulnerability could cause an information leak. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Honor products (affected versions not specified) **Description** The issue is related to an incorrect privilege assignment, which could lead to information leak if successfully exploited. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.