Piers Ohanlon

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.4.1 Apple OS X versions prior to 10.10.5 **Description** The issue is related to the bootp component in the operating systems, which lacks protection for service data. This allows remote attackers to obtain potentially sensitive information about MAC addresses seen in previous Wi-Fi sessions by sniffing an 802.11 network for DNAv4 broadcast traffic. The exploitation of this issue may enable an attacker to access protected information about device MAC addresses obtained during previous WiFi sessions by analyzing broadcast network requests. **Recommendations** For Apple iOS versions prior to 8.4.1, update to version 8.4.1 or later. For Apple OS X versions prior to 10.10.5, update to version 10.10.5 or later.

**Name of the Vulnerable Software and Affected Versions** Apple OS X versions prior to 10.10.5 **Description** The issue is caused by multiple buffer overflows in the Bluetooth subsystem of the operating system, which can be exploited by a local attacker to gain privileges via XPC messages. **Recommendations** For Apple OS X versions prior to 10.10.5, update to version 10.10.5 or later to resolve the issue. As a temporary workaround, consider restricting the use of the Bluetooth subsystem to minimize the risk of exploitation.