Cjson · Cjson · CVE-2023-50472
**Name of the Vulnerable Software and Affected Versions**
cJSON version 1.7.16
**Description**
The issue is a segmentation violation in the function `cJSON_SetValuestring` in `cJSON.c`. This indicates a memory access problem that could lead to a crash or other unintended behavior. No information is provided about the estimated number of potentially affected devices worldwide, or about real-world incidents in which this issue was exploited.
**Recommendations**
For cJSON version 1.7.16, consider avoiding the use of the `cJSON_SetValuestring` function until a patch is available. As a temporary workaround, restricting access to the `cJSON.c` file or the `cJSON_SetValuestring` function could help minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
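
Avoiding the function on version 1.7.16 starts with knowing where both appear in a code base. The shell script below is an added example, not part of this advisory or of the cJSON project: it reads the `CJSON_VERSION_*` macros from vendored `cJSON.h` files and lists call sites of `cJSON_SetValuestring`. The directory layout and the tree built by `make_sample_tree` are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag trees that vendor the affected cJSON version AND call the advisory's function.
AFFECTED_VERSION="1.7.16"          # affected version, from the advisory
FUNC="cJSON_SetValuestring"        # function named in the advisory

# Print MAJOR.MINOR.PATCH from the CJSON_VERSION_* macros of a cJSON.h file.
cjson_header_version() {
    awk '$1 == "#define" && $2 == "CJSON_VERSION_MAJOR" { maj = $3 }
         $1 == "#define" && $2 == "CJSON_VERSION_MINOR" { min = $3 }
         $1 == "#define" && $2 == "CJSON_VERSION_PATCH" { pat = $3 }
         END { if (maj != "" && min != "" && pat != "") print maj "." min "." pat }' "$1"
}

# Print every cJSON.h under $1 that declares the affected version.
find_affected_headers() {
    find "$1" -type f -name 'cJSON.h' | sort | while IFS= read -r hdr; do
        if [ "$(cjson_header_version "$hdr")" = "$AFFECTED_VERSION" ]; then
            printf '%s\n' "$hdr"
        fi
    done
}

# Print file:line:text for each call to $FUNC in C/C++ sources under $1,
# skipping the library's own cJSON.c and cJSON.h.
find_call_sites() {
    find "$1" -type f \( -name '*.c' -o -name '*.h' -o -name '*.cc' -o -name '*.cpp' \) \
        ! -name 'cJSON.c' ! -name 'cJSON.h' | sort | while IFS= read -r src; do
        grep -n "${FUNC}[[:space:]]*(" "$src" /dev/null || true
    done
}

# Return 1 (and report) when the tree both vendors the affected version and calls $FUNC.
audit_tree() {
    headers=$(find_affected_headers "$1")
    calls=$(find_call_sites "$1")
    if [ -n "$headers" ] && [ -n "$calls" ]; then
        printf 'cJSON %s in:\n%s\n%s call sites:\n%s\n' "$AFFECTED_VERSION" "$headers" "$FUNC" "$calls"
        return 1
    fi
    return 0
}

# Constructed sample tree (hypothetical layout): a vendored 1.7.16 header plus one caller.
make_sample_tree() {
    mkdir -p "$1/vendor/cjson" "$1/src"
    printf '#define CJSON_VERSION_MAJOR 1\n#define CJSON_VERSION_MINOR 7\n#define CJSON_VERSION_PATCH 16\n' > "$1/vendor/cjson/cJSON.h"
    printf '#include "cJSON.h"\nvoid set_name(cJSON *n) {\n    cJSON_SetValuestring(n, "x");\n}\n' > "$1/src/config.c"
}
```

Run `audit_tree <source-root>` in CI; a non-zero exit means the tree needs review. Mentions of the function inside comments are also reported, so each hit should be read before acting on it.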