Landaire

**Name of the Vulnerable Software and Affected Versions** SSZipArchive versions 2.5.3 and older **Description** The issue is related to an arbitrary file write vulnerability due to a lack of sanitization on paths that are symlinks. When SSZipArchive opens a malicious ZIP containing a symlink as the first item, it will overwrite files on the filesystem. **Recommendations** For SSZipArchive versions 2.5.3 and older, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3.2 Apple OS X versions prior to 10.11.5 Apple tvOS versions prior to 9.2.1 Apple watchOS versions prior to 2.2.1 **Description** The issue is related to errors in pointer dereferencing in the ImageIO component, which can be exploited by remote attackers to cause a denial of service (NULL pointer dereference) via a crafted image. **Recommendations** For Apple iOS versions prior to 9.3.2, update to version 9.3.2 or later. For Apple OS X versions prior to 10.11.5, update to version 10.11.5 or later. For Apple tvOS versions prior to 9.2.1, update to version 9.2.1 or later. For Apple watchOS versions prior to 2.2.1, update to version 2.2.1 or later.