Nicolas Seriot

**Name of the Vulnerable Software and Affected Versions** Apple iTunes versions prior to 9.1 **Description** The issue allows local users to gain console privileges through vectors related to log files, "insecure file operation," and syncing an iPhone, iPad, or iPod touch. **Recommendations** For versions prior to 9.1, update to version 9.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iPod touch versions 2.0 through 2.0.2 Apple iPhone versions 2.0 through 2.0.2 **Description** The issue concerns the Application Sandbox, which fails to properly isolate third-party applications. This allows attackers to read arbitrary files in a third-party application's sandbox via a different third-party application. **Recommendations** For Apple iPod touch versions 2.0 through 2.0.2, consider restricting access to sensitive files within third-party applications until a fix is available. For Apple iPhone versions 2.0 through 2.0.2, consider implementing additional security measures to prevent unauthorized access to files within third-party applications' sandboxes. At the moment, there is no information about a newer version that contains a fix for this vulnerability.