Andrey Labunets

**Name of the Vulnerable Software and Affected Versions** iOS versions prior to 16.2 iPadOS versions prior to 16.2 iOS versions prior to 15.7.2 iPadOS versions prior to 15.7.2 tvOS versions prior to 16.2 watchOS versions prior to 9.2 **Description** An out-of-bounds write issue was addressed with improved input validation. Parsing a maliciously crafted video file may lead to kernel code execution. **Recommendations** For iOS versions prior to 16.2, update to iOS 16.2 or later. For iPadOS versions prior to 16.2, update to iPadOS 16.2 or later. For iOS versions prior to 15.7.2, update to iOS 15.7.2 or later. For iPadOS versions prior to 15.7.2, update to iPadOS 15.7.2 or later. For tvOS versions prior to 16.2, update to tvOS 16.2 or later. For watchOS versions prior to 9.2, update to watchOS 9.2 or later.

**Name of the Vulnerable Software and Affected Versions** libcurl versions 6.0 through 7.x before 7.40.0 **Description** The issue allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via CRLF sequences in a URL when using an HTTP proxy. This occurs because libcurl copies the entire URL into the request and sends it to the proxy, including any line feeds and carriage returns present in the URL. This can be exploited by malicious users to send additional requests or insert request headers that the program did not intend, particularly in programs that allow external sources to set or provide partial pieces for the URL. **Recommendations** For libcurl versions 6.0 through 7.x before 7.40.0, update to version 7.40.0 or later to resolve the issue. As a temporary workaround, consider validating and stripping URLs of CRLF sequences before sending them to the proxy to minimize the risk of exploitation. Restrict access to the HTTP proxy to minimize the risk of malicious users injecting arbitrary HTTP headers.