Frank Graziano

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.2.1 Apple OS X versions prior to 10.11.3 Apple tvOS versions prior to 9.1.1 **Description** The issue allows local users to gain privileges or cause a denial of service due to memory corruption. It is caused by a buffer overflow in the Disk Images component. **Recommendations** For Apple iOS versions prior to 9.2.1, update to version 9.2.1 or later. For Apple OS X versions prior to 10.11.3, update to version 10.11.3 or later. For Apple tvOS versions prior to 9.1.1, update to version 9.1.1 or later.

**Name of the Vulnerable Software and Affected Versions** Dictionary app in Apple OS X versions prior to 10.10.5 **Description** The issue concerns the Dictionary app in Apple OS X, which does not use HTTPS, allowing man-in-the-middle attackers to obtain sensitive information by sniffing the network or spoof word definitions by modifying the client-server data stream. This is due to insufficient input validation, which can be exploited to gain access to protected information or modify the data stream between the client and server. **Recommendations** For versions prior to 10.10.5, update to version 10.10.5 or later to resolve the issue. As a temporary workaround, consider restricting network access to trusted sources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.4.1 Apple OS X versions prior to 10.10.5 **Description** The issue is related to a buffer overflow in the DiskImages component, which can be exploited by a local user via a malformed DMG image. This can lead to memory corruption and an application crash, potentially allowing the attacker to gain privileges or cause a denial of service. **Recommendations** For Apple iOS versions prior to 8.4.1, update to version 8.4.1 or later to resolve the issue. For Apple OS X versions prior to 10.10.5, update to version 10.10.5 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.10.3 **Description** The issue allows local users to gain privileges or cause a denial of service due to a NULL pointer dereference via an unspecified IOService userclient type. **Recommendations** For Apple OS X versions prior to 10.10.3, update to version 10.10.3 or later to resolve the issue.