Ikuya Fukumoto

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.3 Apple OS X versions prior to 10.10.3 **Description** The issue is related to the CFURL component in Apple iOS and Apple OS X, which fails to properly validate URLs. This allows remote attackers to execute arbitrary code via a crafted web site. **Recommendations** For Apple iOS versions prior to 8.3, update to version 8.3 or later. For Apple OS X versions prior to 10.10.3, update to version 10.10.3 or later.

**Name of the Vulnerable Software and Affected Versions** Foundation in Apple iOS versions prior to 8.3 Foundation in Apple TV versions prior to 7.2 **Description** The issue allows remote attackers to read arbitrary files via an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. This occurs due to a problem with NSXMLParser in Foundation. **Recommendations** For Foundation in Apple iOS versions prior to 8.3, update to version 8.3 or later. For Foundation in Apple TV versions prior to 7.2, update to version 7.2 or later.