Wol0Xff

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3 **Description** The issue is related to the XPC Services API in LaunchServices, which has inadequate access control. This allows an attacker to bypass event-handler restrictions and modify events of arbitrary apps using a crafted app. The estimated number of potentially affected devices is not specified. There is no information about real-world incidents where this issue was exploited. **Recommendations** For versions prior to 9.3, update to iOS version 9.3 or later to resolve the issue. As a temporary workaround, consider restricting the use of the XPC Services API in LaunchServices to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** libxml2 in Apple iOS versions prior to 9.3 libxml2 in Apple OS X versions prior to 10.11.4 libxml2 in Apple watchOS versions prior to 2.2 **Description** The issue is caused by a buffer overflow in the libxml2 library, allowing remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted XML document. **Recommendations** For libxml2 in Apple iOS versions prior to 9.3, update to iOS 9.3 or later. For libxml2 in Apple OS X versions prior to 10.11.4, update to OS X 10.11.4 or later. For libxml2 in Apple watchOS versions prior to 2.2, update to watchOS 2.2 or later.