Andreas Weinlein

**Name of the Vulnerable Software and Affected Versions** Safari in Apple iOS versions prior to 8.4.1 **Description** The issue is related to the improper handling of data in the Safari component of the iOS operating system. It may allow a remote attacker to cause a denial of service by using a specially crafted URL, due to the lack of limitations on the number of JavaScript alert messages. This can lead to apparent browser locking. **Recommendations** For versions prior to 8.4.1, update to version 8.4.1 or later to resolve the issue. As a temporary workaround, consider restricting access to untrusted web sites to minimize the risk of exploitation. Avoid using the Safari browser to access potentially malicious web sites until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 8.4.1 **Description** The issue concerns a flaw in the CFPreferences component of the iOS operating system, related to insufficient access restrictions to certain functions. This flaw can be exploited by a remote attacker using a specially crafted app to bypass the third-party app-sandbox protection mechanism and read arbitrary managed preferences. **Recommendations** For Apple iOS versions prior to 8.4.1, update to version 8.4.1 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 8.4.1 **Description** The issue concerns the Sandbox profiles component, which lacks proper protection of service data. This allows attackers to bypass the third-party app-sandbox protection mechanism. By using a crafted app, an attacker can read arbitrary managed preferences. **Recommendations** For iOS versions prior to 8.4.1, update to version 8.4.1 or later to resolve the issue.