Eric Monti

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 9.3 Apple tvOS versions prior to 9.2 Apple watchOS versions prior to 2.2 **Description** The issue is related to insufficient access control in the kernel of the operating system, which can be exploited by a remote attacker using a specially crafted app to bypass a code-signing protection mechanism. **Recommendations** For Apple iOS versions prior to 9.3, update to version 9.3 or later to resolve the issue. For Apple tvOS versions prior to 9.2, update to version 9.2 or later to resolve the issue. For Apple watchOS versions prior to 2.2, update to version 2.2 or later to resolve the issue.

**Name of the Vulnerable Software and Affected Versions** Apple iOS versions prior to 6.0.1 **Description** The issue concerns the extensions APIs in the kernel, which provide kernel addresses in certain responses. This makes it easier for remote attackers to bypass the Address Space Layout Randomization (ASLR) protection mechanism by using a crafted app. ASLR is a security feature that randomizes the location of an application's code and data in memory to prevent attackers from predicting where certain pieces of code or data will be. **Recommendations** For Apple iOS versions prior to 6.0.1, update to version 6.0.1 or later to resolve the issue.